Basic Computer Security Tutorial

Date 9-07-04

The purpose of this tutorial is to provide basic security practices and information to help readers
secure their computers against viruses, worms, trojans, spyware, adware, and hackers. It will
provide information about security practices and how to implement them along with many tips
that will help readers understand how to operate their computer more securely and safely.

Security Measures

If you do not at least have a personal firewall and anti-virus protection then you should not
connect your computer to the internet. Not following these basic requirements is a perfect
formula for getting trojans, viruses, worms, and backdoors which can ruin your system causing
you to need to reformat your hard drive and re-install your operating system.

Summary of Security Requirements and Recommendations

This page summarizes reasonable security requirements and recommendations which all
computer users which access the internet should take to protect themselves and the internet
community in general. Subsequent pages will discuss the details of why these precautions should
be taken and how to implement them.

Security Requirements

1. Every computer that connects to the internet in any form MUST have a personal firewall.
2. Every computer must have virus protection and it must be kept current.
3. Only open e-mail attachments when you are sure the sender is really who it appears to be.
4. Only browse the internet with a safe browser or change your browser settings to make it
more secure.
5. Operate at least one anti-spyware/anti-adware program on your system.
6. Be very careful about downloading and installing programs from the internet, especially
free ones.
7. Keep your e-mail address confidential and NEVER post an email address in an unsecured
web page on the internet. This practice reduces spam and chance of getting virus or scam
emails. Use a different email address to give to those you are not sure you can trust. Be
aware of how retailers may use your e-mail. Some retailers that are very well known have
been known to sell email addresses.
8. Be wary of malicious hyperlinks. Malicious hyperlinks are web links that look like they
will take you to a particular site such as ebay.com but in reality they will take you to
another site. Manually type the address of the site you want to go to rather than clicking
on the link in an e-mail.

Security Recommendations
 1. Educate yourself about internet threats and how computers work.
2. Encrypt any sensitive data that you store on your computer.

As the security field changes and computer intruders become more aggressive, it is becoming
increasingly necessary for all computer users to have at least a basic understanding of the
operation of computers. For example, they should know what a file is, that it requires a certain
amount of space to store, and that there are different file types associated with specific
applications that access them. For more help in this area, the Computer Technology
Documentation Project Basic Computer Section is worthwhile reading.
 Biometrics is about verification and identification. It is about verifying the identity of an
individual based on measurable physiological and/or behavioral characteristics. Masquerade,
spoofing or impersonation — in which an individual claims to be someone else — is a
significant security threat. A key security service that addresses this threat in the world of
computers is authentication. Authentication verifies a user's identity. An individual can be
identified and authenticated by what he knows (password), or by what he owns (smart card) or
by his human characteristics (biometrics). Unlike a password or a PIN, a biometric trait cannot
be lost, stolen or recreated.

Consider the following statistics:

 more than 40 percent of all helpdesk calls are password-related;

 the worldwide annual cost of corporate fraud is $32 billion, according to Price Waterhouse.

So how does biometrics relate to e-commerce security? The pillars of e-commerce security are:

 authentication
 privacy (data confidentiality)
 authorization (access control)
 data integrity
 non-repudiation

Biometrics is a security mechanism that supports the authentication security service.

Biometrics techniques
Examples of biometrics techniques include fingerprints, facial recognition, retinal, iris scanning,
hand geometry and voice patterns.

Hand, face, and fingerprint authentication techniques are all user-friendly and accurate enough
for most PC-user authentication purposes. Hand authentication is gaining acceptance for physical
access and attendance checking, but it requires bulky reader hardware. Face identification
requires camera equipment for user identification; thus, it is not likely to become popular until
most PCs include cameras as standard equipment. This leaves fingerprint identification as the
most viable and established biometric technique for verifying the identity of a PC or network
user. And, in most cases, fingerprint authentication is the easiest and most economical biometric
PC user authentication technique to implement.

Voice recognition is however not a good choice for PC or network user authentication since:

 A person's voice can be easily recorded and used for unauthorized PC or network access.

 An illness such as a cold can change a person's voice, making absolute identification difficult or
impossible.
 Accuracy: Retinal scanning and iris identification are both highly accurate ways of identifying
individuals; however, they are both expensive to implement and most organizations do not need
this level of accuracy. Hand, face, and fingerprint authentication techniques offer good accuracy
for a smaller investment in scanning hardware.

Biometrics techniques may be based on physiological- or behavioral-based techniques.

Physiological techniques measure the physiological characteristics of a person — examples
include fingerprint verification, iris analysis, facial analysis, hand geometry-vein geometry, DNA
pattern analysis and ear recognition. Behavioral-based techniques include handwritten signature
verification, keystroke analysis, and speech analysis.

The advantage of using biometrics over other technologies in the areas of identification and
verification is that a biometrics technique cannot be easily transferred between individuals.
Further, it represents as unique an identifier as is possible at this time.

Biometrics performance measures

Key biometrics performance measures are:

 False acceptance rates (FAR), which specify the likelihood that an imposter may be falsely
accepted by the system.

 False rejection rates (FRR), which specify the likelihood that a genuine user may be rejected
by the system.

The enrollment time is the time it takes to enroll (register) a user to the biometric system. The
enrollment time depends on a number of variables such as:

 users' experience with the device;

 use of custom software; and

 type of information collected at the time of enrollment

For example, performance parameters associated with the Digital Persona U.are.U vertical
fingerprint sensor (reader) are:

 a false acceptance rate of less than or equal to 0.01 percent;

 a false rejection rate of less than 1.4 percent; and

 the image capture area is 26×14 mm.

Performance parameters associated with the SecuGen EyeD Mouse (fingerprint reader) are:

 a false acceptance rate of less than or equal to 0.001 percent;

 a false rejection rate of about 0.1 percent; and

 image capture area is 21×31×59 mm (about the size of the thumb).

Biometric templates and the enrollment process

A biometric template is an individual's sample, a reference data, which is first captured from the
selected biometric device. Later, the individual's identity is verified by comparing the subsequent
collected data against the individual's biometric template stored in the system. Typically, during
the enrollment process, three to four samples may be captured to arrive at a representative
template. The resultant biometric templates, as well as the overall enrollment process, are key for
the overall success of the biometric application. If the quality of the template is poor, the user
will need to go through re-enrollment again.

The template may be stored:

 within the biometric device;

 remotely in a central repository; or

 on a portable card.

Storing the template on the biometric device has the advantage of fast access to the data. There is
no dependency on the network or another system to access the template. This method applies
well in situations when there are few users of the application. However, a device malfunction
would necessitate reinstallation of the template database or possibly re-enrollment of the user
base.

Storing the template in a central repository is a good option in a high-performance, secure

environment. Keep in mind that the size of the biometric template varies from one vendor
product to the next and is typically between 9 bytes and 1.5k. For example, with the SecuGen
EyeD Mouse, as a fingerprint is scanned, up to 100 minutia points are captured and run against
an algorithm to create a 256-byte binary template. An ideal configuration could be one in which
copies of templates related to users are stored locally for fast access, while others are
downloaded from the system if the template cannot be found locally.

Storing the template on a card or a token has the advantage that the user carries his or her
template with them and can use it at any authorized reader position. Users might prefer this
method because they maintain control and ownership of their template. However, if the token is
lost or damaged, the user would need to re-enroll. If the user base does not object to storage of
the templates on the network, then an ideal solution would be to store the template on the token
as well as the network. If the token is lost or damaged, the user can provide acceptable identity
information to access the information based on the template that can be accessed on the network.

Challenges
A key challenge is to automate the verification process in a user-friendly manner. The user
interface associated with the biometrics reader needs to be very user friendly. Further, the
 accuracy of biometric devices — the so-called error tolerance — is critical. Both key error
measures, the false accept rate and false reject rates, should be low. Some devices provide an
accuracy of 1 error for about 30,000 fingerprint impressions, while others may have an error rate
of 1 in 1 million impressions. Always check with the manufacturer of the biometric sensor on the
error rates.

Lack of standards especially related to the biometric application interface and independent
testing of biometric devices has been a challenge in this industry. The emergence of the bioAPI
framework will go a long way in addressing concerns related to the application interface
associated with biometric devices.

The bioAPI framework

A key objective of bioAPI was to create a standard for biometrics that was independent of the
operating system and of the biometric. Version 1.0 of the BioAPI specification is available at
www.bioapi.com. More than 50 firms are members of the bioAPI consortium.

The scope of the bioAPI specification is to define the API and the Service Provider Interface for
a standard biometric technology interface. The API model includes three principal high-level
abstraction functions:

 Enroll: A sample is captured from a device, processed into a usable form from which a
template is constructed, and returned to the application.

 Verify: One or more samples are captured, processed into a usable form, and then matched
against an input template. The results of the comparison are returned.

 Identify: One or more samples are captured, processed into a usable form, and matched
against a set of templates. A list is generated to show how close the samples compare against the top
candidates in the set.

Fingerprint-based biometric solutions

Small ridges form on a person's hands and feet before they are born and do not change
throughout life. These ridges are formed during the third and fourth month of fetal development.
Fingerprints of cloned monkeys, just like identical twin humans, have completely different
fingerprints.

The ridges on the hands and feet have three characteristics:

 ridge endings;

 bifurcations — a Y-shaped split of one ridge into two; and

 dots — short ridges that looks like dots.

 Under a microscope the fingerprint has unique characteristics known as minutiae points.
Common minutiae points are the intersections of bifurcations and ending points of fingerprint
ridges.

In an NT system for example, each time you log in, these minutiae points are recreated and
compared to the original, which is stored in the Security Account Manager (SAM) database. This
process is very quick. Normally you will be logged in faster than it would take you to type the 34
characters of a traditional text password.

With the advent of Automated Fingerprint Identification Systems (AFIS), a fingerprint can be
compared against every fingerprint in the entire database. No two fingerprints have been found
to have the same individual characteristics in the same unit relationship.

Facts to note about fingerprints:

A fingerprint device is typically a self-contained sensor that supports two key functions:

 a sensor for capturing a fingerprint

 the ability to communicate the digital image to the host processor via an interface such as
USB or serial.

Some key features of fingerprint sensor devices are:

 high-speed USB interface;

 high quality image capture and encrypted image data;

 plug-and-play;

 self-calibrating, rugged, small footprint;

 no external interface or power supply required; and

 support for Windows NT 4.0, Windows 2000, Windows 98 and 95 OSR 2.1 (USB)

Facial recognition-based biometric solutions

Facial recognition software translates the characteristics of a face into a unique set of numbers —
this is referred to as “eigenface”. The eigenface is used by both identification and verification
systems for facial comparisons made in real-time. Identification involves a one-to-many
comparison of an individual's face against all faces in a database in order to determine identity;
and verification is characterized as a one-to-one match of an individual's face to his or her stored
image for the purpose of confirming identity.

The brain deals with visual information much as computer algorithms compress files. Because
everyone has two eyes, a nose and lips, the brain extracts only those features that typically show
deviations from the norm, such as the bridge of the nose or the upper cheekbones. The rest it fills
 in. Facial recognition software today can instantly calculate an individual's eigenface from either
live video or a still digital image, and then search a database of millions in only a few seconds in
order to find similar or matching images. The challenge is to support rapid and accurate real-time
acquisition as well as its scalability to databases containing millions of faces.

Visionics is one of the leaders in facial recognition technology. Visionics develops and markets
pattern recognition software called FaceIt. FaceIt verifies a person's identity based on a set of 14
facial features that are unique to the individual and unaffected by the presence of facial hair or
changes in expression.

Viisage is another prominent biometrics vendor that specializes in facial recognition. For
example, in 1999 Viisage completed the development and deployed the world's first large-scale
drivers license face recognition system with complete database one to all search capabilities.
This system provides both duplicate identity fraud reduction and identity investigation
functionality. The system has been built to support growth to 20 million entries in the next 5
years.

“Early adopters and applications of facial recognition-based technology include ATM customer
ID verification; casino surveillance; airports; and Internet verification for e-commerce and home
workers.”

Early adopters and applications of facial recognition-based technology include:

 ATM customer ID verification;

 casino surveillance;

 airports; and

 Internet verification for e-commerce and home workers.

Conclusion
Biometrics is the technology of the millennium. Incorporating biometrics identity verification
can substantially enhance authentication services. Today's biometrics technology is ready for
utilization in commercial, production and end-user environments
Computer security authentication means verifying the identity of a user logging onto a network.
Passwords, digital certificates, smart cards and biometrics can be used to prove the identity of the
user to the network. Computer security authentication includes verifying message integrity, e-
mail authentication and MAC (Message Authentication Code), checking the integrity of a
transmitted message. There are human authentication, challenge-response authentication,
password, digital signature, IP spoofing and biometrics.

Human authentication is the verification that a person initiated the transaction, not the computer.
Challenge-response authentication is an authentication method used to prove the identity of a
user logging onto the network. When a user logs on, the network access server (NAS), wireless
access point or authentication server creates a challenge, typically a random number sent to the
client machine. The client software uses its password to encrypt the challenge through an
encryption algorithm or a one-way hash function and sends the result back to the network. This
is the response.

Two- factor authentication requires two independent ways to establish identity and privileges.
The method of using more than one factor of authentication is also called strong authentication.
This contrasts with traditional password authentication, requiring only one factor in order to gain
access to a system. Password is a secret word or code used to serve as a security measure against
unauthorized access to data. It is normally managed by the operating system or DBMS.
However, a computer can only verify the legality of the password, not the legality of the user.

The two major applications of digital signatures are for setting up a secure connection to a
website and verifying the integrity of files transmitted. IP spoofing refers to inserting the IP
address of an authorized user into the transmission of an unauthorized user in order to gain
illegal access to a computer system.

Biometrics is a more secure form of authentication than typing passwords or even using smart
cards that can be stolen. However, some ways have relatively high failure rates. For example,
fingerprints can be captured from a water glass and fool scanners.

Computer Security provides detailed information on Computer Security, Computer Security

Systems, Computer Network Securities, Computer Security Software and more. Computer
Security is affiliated with Information Security Systems [http://www.e-
InformationSecurity.com].

Article Source: http://EzineArticles.com/?expert=Kent_Pinkerton

6. Other security measures

6.1. Unused programs

At each 'service window' that your firewall leaves open (technical term: 'open port'), you should
have a computer program. This program should be providing some sort of service to your users.

Any program which isn't being used, but which has a connection outside your network, should be
shut down and the 'service window' (port) closed at the firewall. Every port which isn't
specifically in use should be shut down. Admittedly, this is a 'paranoia' position - the rationale
for shutting them down being that a closed port is safer than an open one, regardless of how good
the program is.

6.2. Bugs & patches

Programs which you are using need to stay operational, and their ports 'open'. However,
occasionally programs are vulnerable to clever attackers.

Vulnerabilities are reported to organisations on the Internet which make a point of informing the
companies or groups who write those programs, and distributing the modifications that these
companies or groups produce to patch the vulnerabilities.

Every so often someone in your company should go to those sites, read their reports for your
programs, and install the patches. Once a month is common, but you need to determine your own
balance between security and convenience.

6.3. Monitoring
How do you know if someone has broken into your system? The only way to know for sure is to
monitor it.

Some common types of monitoring tools are:

 The tripwire: On a read-only medium (like a write-protected floppy), store a program and
a small database. The program checks every file in the database to find out when it was
last changed, and sends the user the list of all the files which have changed since it first
ran. To prevent false reporting, the database should only include files which should never
be changed.

If any of the files have been changed, you may have been broken into. (Or your system
administrator installed a new version of the operating system and forgot to warn whoever
does the monitoring!)
 The sniffer: This tool checks all the traffic which goes through the network, looking for
suspicious activity. It's usually installed on the firewall, or on a special box just to one
side or the other of the firewall - though it would be more useful on the outside.

It doesn't attempt to block any activity, only to report it when it finds it.

 The honeypot: One for special circumstances - this system has most of the useful
programs (like directory listers or file removers or editors) removed and replaced with
special programs that shut the computer down as soon as they're run. The shutdown
prevents the intruder from further intrusion, and also from modifying the honeypot's logs.

These aren't very useful as working computers - they're simply traps.

 Log analysis: This is difficult - most intruders will be careful to wipe traces of their
activity out of the logs. I don't recommend its use by laymen, and include it here only
because it is an important tool for more experienced administrators.

Most operating systems keep a set of logs of their network activity. This usually consists
of things like 'opened this port', 'sent mail to this person', 'closed the port'. The content of
the mail is not kept, but the fact of its being sent is. This sort of information is a useful
tool for intrusion analysis (and for checking whether the system is running correctly).

Log analysis involves whoever does the monitoring going through the logs and looking
for strange occurrences. Logs look something like this:

May 13 09:57:03 gondwanah dhclient-2.2.x: DHCPDISCOVER on

lo to 255.255.255.255 port 67 interval 2
May 13 09:57:05 gondwanah dhclient-2.2.x: No DHCPOFFERS
received.
May 13 09:57:05 gondwanah dhclient-2.2.x: No working
leases in persistent database - sleeping.
May 13 09:57:05 gondwanah dhclient-2.2.x: No DHCPOFFERS
received.
May 13 09:57:05 gondwanah dhclient-2.2.x: No working
leases in persistent database - sleeping.
May 13 10:00:21 gondwanah dhclient-2.2.x: DHCPREQUEST on
eth0 to 10.0.3.1 port 67
May 13 10:00:21 gondwanah dhclient-2.2.x: DHCPACK from
10.0.3.1
May 13 10:00:21 gondwanah dhclient-2.2.x: bound to
10.0.1.1 -- renewal in 3500 seconds.

You're not expected to understand what this is! It's an attempt by my computer to get an
IP address (a number address) from the master computer on our home network. Log
analysis involves reading a lot of stuff like this, knowing what's normal and what isn't,
and dealing with the abnormalities.
 Which is why I don't recommend it for laymen.

6.4. What do I do if I think I've been broken into?

If it was a physical break-in, call the police.

If it was a network break-in, either call the police or:

 Shut your computer down.

 Call your trusted computer-expert friend, or hire specialists in computer security.

 Consider calling the police. Consider preserving the evidence.

 Let the experts take your computer off the network, reboot it, and take a look at the logs.
They will hopefully be able to figure out what type of attack it was.

 If you chose to preserve the evidence, make sure your computer experts know this before
they change anything.

 Let the experts check your files for damage. They may recommend reinstalling the
operating system, they may recommend restoring your data from your latest backup. Ask
them for the pros and cons of each option they offer, and each recommendation they
make. It's your data, but you hired them for their knowledge. So lean towards their
advice, but you make the decision.

 Get their advice on further securing your system. Listen to it.

6.5. Final words

Your security system is only as strong as its weakest part. A determined intruder will keep
looking until they find a vulnerability.

Security through obscurity is weak. A hidden thing is more secure than a highly visible one, but
don't trust hiding on its own to protect your data. A hidden safe is more secure than a sock under
the floorboards.