Web Security for Dummies

Computer networks, both public and private, are used every day to conduct transactions and communications among businesses, government agencies and individuals. These networks are comprised of "nodes", which are "client" terminals (i.e individual user PCs) and one or more "servers" and/or "host" computers. They are linked by communication systems, some of which might be private, such as within a company, and others which might be open to public access. The obvious example of a network system that is open to public access is the Internet/Web, but many private networks also utilize publicly-accessible communications. Today, most companies' host computers can be accessed by their employees whether in their offices over a private communications network, or from their homes or hotel rooms while on the road through normal telephone lines.

Network security comprises the measures a company takes to protect its computer system, and it is a prime concern for every company that uses computers. Compromised network security means a hacker or competitor may gain access to critical or sensitive data, possibly resulting in data loss, or even complete destruction of the system. An effective network security strategy requires identifying threats and then choosing the most effective set of tools to combat them.

Securing Network infrastructure is like securing possible entry points of attacks on a country by deploying appropriate defense.

Here's an introduction to some of the biggest and most dangerous threats to the network security of a business to make you aware of security problems facing networks today.

Viruses and Worms
The term virus has long been used generically to describe any computer threat, but in actuality it refers specifically to malware that inserts malicious code into existing documents or programs, and then spreads itself by various means.

The reason people often call every computer threat a "virus", is because viruses are the original type of malware, actually predating the public Internet. Today, viruses are still by far the most common type of network security threat, and over 90 percent of viruses are spread through attachments on emails. Often the attacker will combine a virus with a "zombie" attack (discussed below) so that you will receive an email with an attachment from a friend that actually contains a virus.

Trojan Horses

A Trojan horse is a malware attack that disguises itself as something innocent, such as a computer game, or a YouTube search results page.

Trojans are particularly dangerous because they all appear so innocuous on the surface. Often Trojans embed themselves on a particular website (usually adult, gaming, or gambling), hide in downloaded free software, or, as in the "Saddam" Trojan horse, a person might be infected by clicking on a link sent to them in an email.

Spam
Depending on the source cited, spam makes up 70 to 84 percent of daily emails sent throughout the world. All that spam results in billions of dollars in lost productivity and creates an ever increasing need for IT resources to filter out this irritating and potentially malicious menace.

Spam email takes a variety of forms, ranging from unsolicited emails promoting products, to coordinated spam attacks designed to take up so much bandwidth on a network so as to cause it to crash. A more recent trend is image spam, which eats up even more bandwidth than its textual cousin, and often circumvents contextual spam filters which analyze the message text to look for indications that the email is spam.

Phishing
Phishing refers to spam emails designed to trick recipients into clicking on a link to an insecure website. Typically, phishing attempts are executed to steal account information for e-commerce sites such as eBay, payments processors such as PayPal, or regular financial institutions' websites. A phishing email supplies you with a link to click on, which will take you to a page where you can re-enter all your account details, including credit card number(s) and/or passwords. Of course, these sites aren't the actual bank's site, even though they look like it.

Packet Sniffers
Packet sniffers capture data streams over a network, thus allowing for the capture of sensitive data like usernames, passwords and credit card numbers. The result, unsurprisingly, is the loss of data, trade secrets, or online account balances. For network managers specifically, even bigger losses can come from lawsuits due to noncompliance of data protection regulations.

Packet sniffers work by monitoring and recording all the information that comes from and goes to your computer over a compromised network. So in order to be effective, the packet sniffer must first have access to the network you are using. The most common way to do this, is through using something called honeypots. Honeypots are simply unsecured wifi access points that hackers setup and trap people into using them.

Password Attacks
A 'Password Attack' is a general term that describes a variety of techniques used to steal passwords to accounts.

- Brute-force. One of the most labor intensive and unsophisticated methods hackers use to steal passwords is to try to guess a password by repeatedly entering in new combination of words and phrases compiled from a dictionary. This 'dictionary attack' can also be used to try to guess usernames as well, so developing difficult to guess usernames and passwords is increasingly vital to network security.

- Packet sniffers. As discussed above, Packet Sniffers glean data electronically from a compromised network.

- IP-spoofing. Similar to 'Honeypots', this attack involves the interception of data packets by a computer successfully pretending to be a trusted server/ resource.

- Trojans. Trojans are actually invasive, as discussed above, and of these methods, are the most likely to be successful, especially if they install keyloggers.

Shared Computers
n the IT community, it is often said that shared computers are like public bathrooms, they may appear clean, but are usually chock full of viruses. Thankfully, the danger of shared computers is one network threat that you can largely render harmless by limiting the activities that you and your employees perform.

Zombie Computers and Botnets
If you've ever wondered who is sitting around sending out all those spam emails, the answer may be you. A recent New York Times article estimates that as much as 80 percent of spam messages are sent out by the computers of ordinary individuals who have no idea their computers have been converted into 'zombies'. A 'zombie' computer is simply a computer infected with malware that causes it to act as a tool of a spammer by silently sending out thousands of emails from the owner's email address.

Infected 'zombie' computers, are organized by spammers into small groups called 'botnets'. These 'botnets' then send out spam that may include phishing attempts, viruses and worms. Unfortunately for network managers and business owners, the 'zombie' malware threat is expected to continue to grow both in number and variety over the next few years.

Spyware
Spyware is any product that employs a user's Internet connection in the background without his or her knowledge, and gathers/transmits information on that user or his or her behaviour. It is a rather loose term for a class of software that is generally unrequested, hidden and unknown on the user's PC. Its purpose is to quietly mail home with information about the user, and is usually associated with adware.

It is insidious in that it is often built into genuine and useful shareware programs - and there is often 'small print' in the agreement that nobody reads but confirms its acceptance by the user. In this way, spyware usually defeats personal firewalls since it is specifically allowed by the user.

Secure Web Gateways