Friday, April 24, 2009

Securing US Computer Networks


In a report issued before the House of Representatives, computer security experts determined that the United States currently does not have the resources or technology to counter an online attack by a terrorist group or foreign country. In the testimony, they stated that the United States Computer Emergency Readiness Team had not fully addressed 15 cyber warnings as of July 2008. The report also suggests 12 important strategy improvements that would enhance the security of United States networks. It concludes that “Until GAO’s recommendations are fully addressed and the above improvements are considered, our nation’s federal and private-sector infrastructure systems remain at risk of not being adequately protected.”

This report is significant for the security of the United States. If these warnings are not addressed, terrorists may be able to attack United States networks. Foreign nations have even obtained significant data about electrical grids in the United States and could use this information combined with the security flaws to cripple electrical power, which would devastate the economy of the United States.

Monday, April 20, 2009

Peer to Peer Security


How do popular file sharing programs such as Limewire or Bittorrent work? Your computer does not communicate with a central server like it would if you were visiting a website or ftp server. Rather, you communicate with computers that are part of the network. This concept is called peer to peer or p2p. When a user searches for a certain file from the network, the request is sent out to computers that are close to the user geographically. These computers are called nodes. These nodes receive the request and check if the file is a part of their shared files. If it is not, then they send the request to other computers close to them, which are also nodes. Once a file is found, it is echoed back from computer to computer until it reaches the original requesting computer.

Unfortunately, certain security issues arise when searches are performed this way. The main issue is that the request passes through multiple computers, and these nodes are responsible for deciding where to send the request next. A malicious programmer can easily write code that turns their computer into a node within the network. When a request reaches this malicious node, rather than forwarding it to other nodes it replies that the file has been found on that computer. When the user downloads the file, it is actually a virus, trojan, worm or other malicious piece of software. Another variation is that the malicious node directs the user to a server that hosts the malware, and the software is downloaded from there.

Thursday, April 16, 2009

Dongles: Hardware Enforcement


Software vendors will take any measure necessary to ensure that their software is not pirated. Software encryption and copy protection are the most common forms of piracy prevention; however, every copy protection scheme so far has been broken within a matter of weeks after its debut. Because of this, some software packages use a device called a dongle to prevent unauthorized copying.

A dongle is a hardware device that attaches to a computer. The software checks for the presence of this dongle and if it is not present the software will not run. Copying software protected with a dongle is much more difficult because the physical dongle has to be replicated as well, and reverse engineering a dongle is not something the average person can do. Not only does it require knowledge of computer circuits, it also requires expensive robotic machinery that is able to build the computer chips necessary for the dongle.

Since the dongles are difficult to build at home, the effectiveness of the dongle depends on how the software checks for its presence. If a software pirate is able to develop a piece of code that tricks the software into thinking a dongle is present even if it is not then the copy protection falls apart. Some dongles solve this problem by placing important parts of the software's code on the dongle itself. Even if someone can trick the software into thinking a dongle is present, when the program goes to access the code on the emulated dongle it will fail and the program will not run properly.
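The passage above says that a dongle is only as good as the way the software checks for it. The following added example (not the post's code, and not from any real dongle vendor) contrasts a bare "are you there?" check with a challenge-response check: the dongle holds a secret key and must answer a fresh random challenge with a keyed MAC. The key value, the class names and the emulated dongle are all constructed for illustration.

```python
import hmac
import hashlib
import secrets

# Hypothetical key burned into the dongle at manufacture (constructed value).
DONGLE_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")


class Dongle:
    """Models the real hardware token: it can prove knowledge of the key
    without ever revealing it."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def present(self) -> bool:
        return True

    def respond(self, challenge: bytes) -> bytes:
        # HMAC over the challenge; only a holder of the key can compute this.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class EmulatedDongle:
    """A software stand-in that claims to be present but has no key."""

    def present(self) -> bool:
        return True

    def respond(self, challenge: bytes) -> bytes:
        # Whatever an emulator returns, it cannot depend on the secret.
        return b"\x00" * 32


def check_presence_only(dongle) -> bool:
    """Weak check: trusts a yes/no answer, so an emulator passes."""
    return dongle.present()


def check_challenge_response(dongle, verify_key: bytes) -> bool:
    """Stronger check: a fresh random challenge defeats replayed answers,
    and the comparison is constant-time."""
    challenge = secrets.token_bytes(16)
    expected = hmac.new(verify_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(dongle.respond(challenge), expected)


if __name__ == "__main__":
    print("presence-only, emulator:", check_presence_only(EmulatedDongle()))
    print("challenge-response, real:", check_challenge_response(Dongle(DONGLE_SECRET), DONGLE_SECRET))
    print("challenge-response, emulator:", check_challenge_response(EmulatedDongle(), DONGLE_SECRET))
```

Note the remaining weakness: with a symmetric MAC the verifying key also has to sit inside the program, and the call to the check itself is ordinary code that can be patched out. That is exactly why the post's last sentence matters: moving functionality the program genuinely needs onto the dongle leaves nothing for an emulator to fake.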

Monday, April 13, 2009

Denial Of Service Attacks

A denial of service attack is when a malicious hacker prevents an authorized user from gaining access to a computer resource. Denial of service attacks are often carried out against large companies, such as banks or other financial websites. When one of these websites becomes the victim of a denial of service attack, customers are potentially unable to access the site to check the state of their finances or make purchases. This leads to a significant loss in revenue, especially for large sites such as eBay.

A denial of service attack can be carried out in many ways. One method is to flood the victim's machine with external communication requests so that it will be unable to respond to legitimate traffic. Attacks such as this can cause the internet speeds of an entire geographic region to be greatly reduced.

Thursday, April 9, 2009

Operating System Security

A computer's operating system controls all major functions of the computer. It uses algorithms to determine which process gets access to the processor and handles all memory transfers. A secure operating system must be capable of determining which requests are safe to process and which are not.

Since many computers are connected to a network of some kind, the operating system is also in charge of all network traffic. If the operating system is poorly designed, a malicious hacker or malicious script will be able to force the host computer into doing something that the user did not intend to happen. Operating system security is so important that the United States Department of Defense created the Trusted Computer System Evaluation Criteria, which sets basic requirements that every operating system must have in order to be considered secure.

Monday, April 6, 2009

Database Security

Every single online business keeps databases. These databases hold sensitive information about their customers, including contact information, social security numbers, driver license numbers and credit card data. Since these databases hold sensitive data, keeping them secure is a top priority. This security is ensured in several ways.

The first crucial aspect is controlling access to the database. This can be done physically, such as keeping the medium holding the database in a locked room and limiting access to only those who need it. It can also be done with software, such as only allowing certain computers or users access. This is accomplished with authentication. Essentially, authentication is a way of ensuring that the person accessing the database is authentic, or in other words that this person should have access to the database.

Since many people can have access to the database, auditing becomes necessary. This means that records should be kept about who entered the database and what was changed, so that mistakes can be corrected. Of course, someone unauthorized may still gain access to the database, so all stored data should be encrypted to prevent its contents from being read by unauthorized parties.

The final part of database security is ensuring the integrity of the data. This can be accomplished with a CRC algorithm. This algorithm is a mathematical calculation that generates a CRC value for a certain set of data, and this CRC value is attached to the end of the data. When the data is read, the CRC value is recalculated. If the new CRC value doesn't match the recorded one, then the data has been corrupted and the integrity of the database has been compromised.
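The CRC scheme described above, as an added example written for this page (it is not code from the post): a record is sealed by appending its CRC-32, and on read the CRC is recomputed and compared. The customer record and the bit-flip that models storage corruption are constructed inputs.

```python
import struct
import zlib
from typing import Optional


def seal(record: bytes) -> bytes:
    """Append a 4-byte CRC-32 of the record, as the post describes."""
    crc = zlib.crc32(record) & 0xFFFFFFFF
    return record + struct.pack(">I", crc)


def unseal(sealed: bytes) -> Optional[bytes]:
    """Recompute the CRC on read; return the record, or None if it no longer matches."""
    if len(sealed) < 4:
        return None
    record, stored = sealed[:-4], struct.unpack(">I", sealed[-4:])[0]
    if (zlib.crc32(record) & 0xFFFFFFFF) != stored:
        return None  # corrupted: integrity check failed
    return record


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate storage corruption by flipping a single bit."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


# Constructed sample record (no real customer data).
RECORD = b"cust=1042;name=Jane Doe;card=************1111"

if __name__ == "__main__":
    sealed = seal(RECORD)
    print("intact read:", unseal(sealed))
    print("corrupted read:", unseal(flip_bit(sealed, 37)))
```

One caveat a practitioner would add: a CRC has no secret in it, so it catches accidental corruption (disk errors, truncated writes) but anyone who can deliberately alter the record can recompute the CRC too. Tamper evidence needs a keyed MAC or a signature on top of the CRC.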

Thursday, April 2, 2009

Computer Security And Its Importance


Computer security is highly critical in keeping data safe. Unfortunately, not all computers are secure. In 1994, anonymous hackers were able to gain unrestricted access to Rome Laboratory, the United States' main command and research facility in aviation. With the help of trojan horses, these hackers were able to obtain classified documents. By posing as a trusted Rome Center user, they were able to obtain classified information from the National Aeronautics and Space Administration's Goddard Space Flight Center and Wright-Patterson Air Force Base. Since they had full user privileges, they were able to completely remove any data that could have been used to find out where the attack came from. Because of this incident, the idea of ethical hacking began. With ethical hacking, security experts hack computer systems in order to find security flaws.

Tuesday, March 31, 2009

Conficker Worm: Not An April Fools Joke

After analyzing the disassembled code for the Conficker worm, experts have determined that it will strike on April 1, 2009, otherwise known as April Fools Day. The worm has the ability to spread across networks and infect all unprotected computers within that network. In order to counter security measures that either block the spread of the worm or change its contents, the transmission is encrypted and only executes if the signature matches the public key. Originally, the worm created 250 new domains every day across 5 top level domains, which is the extension a website uses (.com, .net, etc.). Each of these domains is then used to send out more copies of the worm to computers within a network. As a countermeasure, TLD registrars (those who assign domains) stopped all traffic to these domains. The creator responded to this by releasing a new version, Conficker.C, which will create 500,000 new domains every day. This prevents TLD registrars from being able to stop all traffic caused by the worm, due to the sheer number of domains that need to be blocked.

Even though the disassembly has shown how the worm operates, experts are still unsure what the worm will actually do once it becomes activated on April 1st. This is because the creator took considerable care in scrambling the source code, also known as obfuscating, which makes it difficult to turn assembly code (the code that is used by computers) into a higher level language that is easily read and understood by humans. The worm can prevent important Windows services from functioning, including Windows Update, which contains the patch that will fix the exploit the worm is using. It may cause denial of service attacks, or it may simply be an April Fools joke that eats up network bandwidth. Either way, the situation is critical, and Microsoft has offered a $250,000 reward for information leading to the arrest and conviction of those involved with the creation or distribution of the worm.

Monday, March 23, 2009

Linux: More Secure Than Windows


When security and reliability become vital to a software package, a Linux-based operating system is almost always used. For example, the software that NASA and the Department of Defense use to keep their secrets safe is based on a Linux operating system. The main reason Linux is safer is that it is open source. Being open source allows anyone to view the source code of the software and find bugs. This is especially true for the Department of Defense. They simply cannot leave the security of the nation up to an operating system that they cannot verify for themselves. Since most operating systems, such as Microsoft Windows, hide their source code, they are not a viable option for highly critical applications. The Department of Defense is able to verify every single line of code in the Linux-based operating systems they use, but they cannot view the source code of Windows due to copyright reasons; therefore they use Linux.

Since Linux is open source, bugs are fixed much faster than in non-open-source software. This leaves fewer security holes for an ill-meaning person to exploit. Also, Microsoft Windows holds the majority of the operating system market, meaning that most viruses and other malicious software are targeted towards Windows, not Linux. Therefore there is less malicious software that can affect a Linux-based operating system. The end result is a safer and more reliable operating system.

Thursday, March 19, 2009

Passwords: How Are They Secured?


Just how do passwords work? Perhaps the average user hasn’t given it much thought, however the password has to be digitally stored somewhere within a computer system so that the password-protected program can check the entered password against the correct one. Obviously, this can cause security issues. If the password is stored on a computer or in a database for a company, what will stop a person from simply searching for the file in which the password is stored and reading it?

The solution to this problem is hashing. Hashing uses a mathematical formula to convert the original password into something that is impossible for a human to read. This formula is designed so that it is a one-way process: a password can be converted into a hash, but it is almost impossible to convert a hash back into the password. This leads us to another problem. If the hash cannot be converted back into a password, how does the program verify the password entered? It doesn’t actually compare the passwords; it hashes the entered password and compares that hash to the stored one. If the two hashes don’t match, then the password was incorrect. However, this leads us to yet another problem. Certain mathematical formulas can give the same hash value for two completely different passwords. Therefore, before the mathematical formula is used, a formal proof is necessary to ensure that it will produce a different hash for every single password. Once hashing is implemented, even if someone is able to obtain the list of hashes they will not be able to extract the actual passwords.

Monday, March 16, 2009

Buffer Overflows: When Your Computer Loses Control


Often, people wonder just how someone or some program is able to take control of a computer. I know I do at least. One common way this is accomplished is through a buffer overflow attack. While a computer program is running, it will often make a call to a function within the code. Essentially, this function is a piece of code that can be called more than once, and uses different data each time. This saves a programmer time because it provides an outline of sorts. Suppose a program is required to calculate the interest earned in a bank account for a large number of accounts. Rather than writing the same formula over and over, the relevant information is passed into the function and the answer is returned. When the function is actually called, a run-time stack is used, much like a stack of cards. All local data relevant to the function is placed on the top of the stack, along with the address to return to after the function completes its execution, because the program has to return to the same spot once the function is completed. All of the data is popped off of the stack when the function is finished, with the return address being the last piece.

There are two main types of buffer overflow attacks: a variable attack and a stack attack. A variable attack is when a key variable, or piece of information, is changed. Using the interest program as an example, an attacker may be interested in changing the current balance on the account. The program expects a certain type of information to be supplied, and allocates space for that type of variable. Memory is contiguous, meaning that there is no space between different variables. If more information than the program expects is supplied, the information overflows into the next allocated block of space, changing its value.

A stack attack uses a similar approach to a variable attack; however, rather than changing the value of a key variable it changes the return address. Once the return address is changed, the program does not return to the spot it came from, but rather returns to the beginning of a piece of inserted malicious code and executes that. Thus the user is expecting to run a program, but a different piece of code is executed, allowing the attacker to take control of the computer.
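To make the "variable attack" above concrete, here is an added example (not from the post) that simulates a small region of contiguous memory in a bytearray: an 8-byte name field followed immediately by a 4-byte account balance, mirroring the bank account in the text. The unchecked write behaves like C's strcpy and copies every byte it is given; the bounded write refuses input that would not fit. The layout, sizes and sample input are constructed for the demonstration and do not reflect any real program's stack.

```python
import struct

NAME_SIZE = 8                     # bytes reserved for the account holder's name
BALANCE_OFFSET = NAME_SIZE        # the balance sits directly after the name
MEM_SIZE = NAME_SIZE + 4          # 4-byte little-endian signed integer balance


def new_account(balance: int) -> bytearray:
    """Lay out the two variables back to back, as a compiler would."""
    mem = bytearray(MEM_SIZE)
    mem[BALANCE_OFFSET:BALANCE_OFFSET + 4] = struct.pack("<i", balance)
    return mem


def read_balance(mem: bytearray) -> int:
    return struct.unpack("<i", mem[BALANCE_OFFSET:BALANCE_OFFSET + 4])[0]


def set_name_unchecked(mem: bytearray, name: bytes) -> None:
    """Mirrors strcpy: copies as many bytes as the input has, with no
    regard for the 8 bytes actually reserved. Bytes 9-12 land on the balance."""
    if len(name) > MEM_SIZE:
        raise MemoryError("write past simulated memory (a real program would likely crash)")
    mem[0:len(name)] = name


def set_name_bounded(mem: bytearray, name: bytes) -> bool:
    """The fix: check the length against the buffer size and reject oversize input."""
    if len(name) >= NAME_SIZE:       # leave room for a terminating NUL, as C would
        return False
    mem[0:NAME_SIZE] = name.ljust(NAME_SIZE, b"\x00")
    return True


if __name__ == "__main__":
    # Constructed input: 8 bytes of name padding followed by a new balance value.
    oversized = b"A" * NAME_SIZE + struct.pack("<i", 1_000_000)

    account = new_account(100)
    set_name_unchecked(account, oversized)
    print("after unchecked copy, balance =", read_balance(account))   # no longer 100

    account = new_account(100)
    print("bounded copy accepted?", set_name_bounded(account, oversized))
    print("after bounded copy, balance =", read_balance(account))      # still 100
```

The same mechanism, with the return address instead of the balance lying beyond the buffer, is the stack attack the post describes next; the defence is identical, namely never copying more into a buffer than its size.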

Friday, March 13, 2009

RFID Chips In Credit Cards: Are They Secure?


Often people do not realize that virtually everything somehow relies on a computer chip. What people also do not realize is the security issues involved when a computer chip is used to control a device, particularly one that deals with sensitive data. When a computer chip becomes integrated into a credit card, security issues become paramount.
An experiment done by the University of Massachusetts proved such vulnerabilities. Even though the protocols and commands used by radio frequency identification chips, or RFID, could not be found publicly, the team of researchers was able to reverse engineer both the readers and the credit cards themselves. They stated that "The experiments indicate that all the cards are susceptible to live relay attacks, all the cards are susceptible to disclosure of personal information, and many of the cards are susceptible to various types of replay attacks. In addition, we successfully completed a cross-contamination attack against the magstripe of one card. All but one of the other cards tested appear to be susceptible to the cross-contamination attack as well." Unfortunately, people are led into a false sense of security when they use credit cards with an embedded RFID chip. If people knew of these vulnerabilities, would they be so willing to use these credit cards? If they also knew that these cards could be read from a distance of 33 feet away with the proper equipment, would they be so quick to accept them? I know I wouldn't.
For more information, visit the University of Massachusetts study here.

Tuesday, March 10, 2009

Viruses: Not always what they seem

In today’s complicated world of computer security, detecting viruses and other malware has become essential in keeping your computer secure. However, security software often requires that people use common sense. If a computer file does not have an exe extension, meaning that it is a runnable program, it usually cannot perform any malicious acts upon your computer. Unfortunately, as blogged about by pccybertek, a new virus is able to embed itself in a gif file, which is a type of file that normally contains an image. Fortunately, the virus cannot be run unless the extension of the file is changed to exe and the user runs it. That blog states that “you don't have to worry about .gif files being a virus at this time”; however, I disagree. I think that most people are uneducated in the field of computer security, and they may just unknowingly change the file extension, especially if something pops up telling them to do so. I feel that this actually does pose a significant security risk, since many anti-virus programs skip files that aren’t able to be infected, a gif being one of them, in the interest of faster scanning times. This would allow the file to reside on your computer undetected until someone finally changes the extension and the program is allowed to run. So what should be done? I agree with pccybertek when he states that “You should never have to change the extension”. If you are asked to change the extension, it is probably a virus and should be deleted immediately. Also, if the file is unable to be opened through normal means, or if an error comes up when opening the file, then chances are the file extension is wrong and it should be deleted immediately.
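The post's last point, that a file which will not open as what its extension claims is suspect, can be checked automatically rather than by eye. The following added example (not the post's code) reads the first bytes of a file and compares the format they announce with the extension; a "gif" whose contents begin with the Windows executable marker MZ is flagged. The signature table covers a handful of common formats, and the sample headers are constructed.

```python
import os
from typing import Optional

# Leading bytes ("magic numbers") that identify common formats.
SIGNATURES = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".pdf": (b"%PDF-",),
    ".zip": (b"PK\x03\x04",),
    ".exe": (b"MZ",),           # DOS/Windows executable header
}
ALIASES = {".jpeg": ".jpg", ".dll": ".exe", ".scr": ".exe"}


def sniff_format(header: bytes) -> Optional[str]:
    """Return the extension the content actually corresponds to, or None if unknown."""
    for ext, magics in SIGNATURES.items():
        if any(header.startswith(m) for m in magics):
            return ext
    return None


def extension_matches_content(filename: str, header: bytes) -> bool:
    """True only when the claimed extension and the sniffed format agree."""
    ext = os.path.splitext(filename)[1].lower()
    ext = ALIASES.get(ext, ext)
    return sniff_format(header) == ext


def check_file(path: str) -> bool:
    """Same check against a file on disk; only the first 16 bytes are read."""
    with open(path, "rb") as f:
        return extension_matches_content(path, f.read(16))


if __name__ == "__main__":
    # Constructed headers, not real files.
    samples = {
        "holiday.gif": b"GIF89a\x10\x00\x10\x00\x80\x00\x00",
        "holiday2.gif": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00",   # an executable wearing a .gif name
        "setup.exe": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00",
    }
    for name, header in samples.items():
        verdict = "ok" if extension_matches_content(name, header) else "MISMATCH"
        print(f"{name}: looks like {sniff_format(header)} -> {verdict}")
```

A mismatch is not proof of malice (a renamed download, for instance), but it is exactly the condition the post says should make a user stop and delete rather than rename.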

Monday, March 2, 2009

Open Source: Is it safer?


Open source software means that the code used to create the program is publicly known, and not hidden like most software packages a person would pay for. These programs, such as the web browser Mozilla Firefox and Linux-based operating systems, claim to be safer than their counterparts, Microsoft's Internet Explorer and Microsoft Windows. What makes these programs safer, when there are teams of professionals working on Microsoft's products?

Most security issues arise because of a bug in a certain program. These bugs, such as buffer overflows, allow an ill-meaning person to exploit the error in the code and force the program to do something the developer did not intend it to do. These bugs are common and every single program has them. Therefore, it is not how many bugs a program has that determines the security of the software, but how the bugs are dealt with and how easy they are to find. When a company hides the code of the software, it becomes difficult for the end user to find where an error in the code is if one occurs. This is where most bugs surface, because it is impossible to simulate every possible use of the program before it becomes available to the public. The user simply sends a report to the software vendor, who then tries to recreate the exact situation to find the bug. Unfortunately, this is not always possible, because a program has an almost infinite number of directions it can go in, with constantly changing variable values. However, if the code is publicly available, the end user can debug the software exactly when the error occurred, increasing the probability that the bug can be found. Since more people are looking for bugs than in software where the code is hidden, the time it takes for a bug to be fixed greatly decreases. In fact, according to independent tests, Internet Explorer was unsafe for 284 days in 2006 while Mozilla Firefox was unsafe for only 9. Sometimes the best things in life really are free.

Wednesday, February 25, 2009

Encryption: Not Just For Home Computers


How often have you used a keyfob to unlock your car door remotely? Have you ever wondered if a thief could somehow find out the master code that would allow them to unlock any car? Fortunately, automobile engineers and computer scientists have already anticipated this problem and implement a few important security features.
Most keyless entry systems broadcast on a frequency between 300 and 400 MHz. However, if the key fob used the same frequency every time, it would be relatively easy to produce the proper frequency to unlock any car. This is where computer chips rise to the challenge. Whenever the unlock button is pushed on the keyfob and the car is within range to receive the signal, the frequency used by the keyfob changes. A computer inside the vehicle will then only respond to that exact frequency. The code is stored inside the car, so in order to hack it the thief would have to break into the car by some other means, defeating the purpose of gaining entry remotely. Which frequency occurs next is random, reducing the probability that a thief would be able to predict the frequency the vehicle will accept next. However, true random numbers cannot actually be produced by a computer. A random number within a computer satisfies mathematical properties ensuring that each number is equally as likely as the next, but a seed must be given indicating where to start within a table of random numbers. If the computer starts at the same seed every time, the same sequence of random numbers will be produced. For this reason, the codes indicating the next number in the sequence are encrypted as well. In general, encryption means that the data is scrambled and unreadable, unless the key or mathematical function that transforms it into readable data is known. All of this essentially means that unlocking a vehicle remotely can be done with confidence.
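The idea in the passage above, that each press must produce a code the car has not seen and a thief cannot predict, is usually implemented as a rolling code derived from a shared secret and a counter rather than from a raw random-number generator. The following is an added example of one such design (my construction for this page, not the post's description and not any manufacturer's protocol): fob and car share a key, the fob sends its counter plus a keyed MAC of it, and the car accepts only counters inside a small window ahead of the last one it saw. The key, the window size and the message layout are assumptions.

```python
import hashlib
import hmac

WINDOW = 16   # how many presses out of the car's range are tolerated (assumed)
CODE_LEN = 4  # bytes of MAC transmitted (assumed)


def rolling_code(key: bytes, counter: int) -> bytes:
    """Keyed, one-way function of the counter: unpredictable without the key."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:CODE_LEN]


class KeyFob:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.counter = 0

    def press(self) -> bytes:
        """Each press advances the counter, so no two messages repeat."""
        self.counter += 1
        return self.counter.to_bytes(4, "big") + rolling_code(self.key, self.counter)


class Car:
    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_counter = 0

    def receive(self, message: bytes) -> bool:
        counter = int.from_bytes(message[:4], "big")
        # Replayed or stale messages (counter <= last) and messages too far
        # ahead (beyond the window) are both rejected.
        if not (self.last_counter < counter <= self.last_counter + WINDOW):
            return False
        if not hmac.compare_digest(rolling_code(self.key, counter), message[4:]):
            return False  # wrong key: forged or from a different fob
        self.last_counter = counter  # advance, so this message can never be replayed
        return True


if __name__ == "__main__":
    key = bytes.fromhex("6a0b5c3d4e2f1a9b8c7d6e5f4a3b2c1d")  # constructed shared secret
    fob, car = KeyFob(key), Car(key)
    first = fob.press()
    print("first press accepted:", car.receive(first))
    print("same message replayed:", car.receive(first))
    for _ in range(3):
        fob.press()                    # pressed out of range
    print("next press after gap:", car.receive(fob.press()))
```

Because the code is a one-way function of a counter the car tracks, capturing one transmission gives a thief nothing reusable, which is the property the post attributes to "random" codes.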

Monday, February 23, 2009

PC Security 101


After a long day at work, you come home and fire up your trusty home computer, hoping to check your email and browse the web. After what seems like ages, it finally boots up, only to immediately turn off. Frustrated, you try again; but to your dismay nothing seems to be able to resurrect it. Does this sound familiar?
Unfortunately, this is an all too common scenario. What has most likely happened is that the computer has been infected with any number of viruses, trojans and spyware which hinder the performance of the computer. Some of these are able to heal themselves by connecting to the internet, while others store multiple copies on your hard disk drive in case one becomes damaged. Unfortunately, I have learned from personal experience that the fastest and only guaranteed way to restore your computer to a usable state is to completely reformat your hard drive and re-install the operating system, wiping all of your data. But what could be done to prevent this from happening in the first place?
For any computer that is connected to the internet, an antivirus program is an absolute must. Unfortunately, there are so many of them out there that choosing the right one becomes a daunting task. According to independent tests, a free program called Avira Antivirus detected the most viruses, worms, trojans and other malware, with a detection rate of 99.2% out of a set of 1,096,202 malicious programs. In terms of antiviruses, that's quite impressive.
At one time, an antivirus program was able to fully protect your personal computer. Unfortunately, spyware has been increasing in recent years, so a good antispyware program is essential. Spybot Search & Destroy searches for more than 24,000 different possible infections and is available for free here. These programs still won't keep you safe from hackers, so a firewall is essential. Although Windows XP and Vista have built-in firewalls, a good firewall will improve the security of your computer. According to a consumer research company, the best free firewall is Comodo Antivirus, which is available here. All of the programs I have mentioned are free, so improving the security of your computer does not have to correlate with the draining of your wallet.

Thursday, February 12, 2009

$1 Trillion Dollar Data Loss: Just What Hackers Ordered


It seems that 2008 was a grim year, but not just in terms of the economy. McAfee, the maker of a well-known antivirus, has estimated that the total economic loss due to data theft in 2008 was $1 trillion dollars. To put that in perspective, it is approximately 1/10 of the current federal deficit. Imagine what could be done with $1 trillion dollars.
So why was the number so high? Well, according to McAfee, malware increased by 400% in 2008, and over 80% of businesses surveyed found some sort of malware on their computers capable of stealing valuable financial information. Ironically, not even companies that make security software are safe. Kaspersky produces an antivirus that, in many independent tests, detects a higher percentage of viruses, worms, trojans and rootkits than either McAfee or the well-known Norton Antivirus while producing very few false positives; nevertheless, it had its website hacked over the weekend with a simple SQL injection. Apparently no one is safe, but what can be done to reduce the probability of an attack like this affecting your own personal finances? Tune in next time to find out.

Tuesday, February 10, 2009

Encryption: The Backbone of Security


In order to protect sensitive data being sent across the internet, a process called encryption is used. Encryption uses some sort of mathematical function that transforms the data, making it unreadable by everyone except the person who possesses the key, which is used to transform the data back into its original state. When the data is transformed, the process is called encrypting. When the data is received and converted back into its original form, the process is called decrypting.
How well an encryption technique works depends upon several factors. First, the larger the key is, the safer the data will be. What is more important is the technique used. The transformation must produce data that does not seem to fit any kind of pattern; otherwise it would be simple for a computer program to simulate data and find the function that was used.
One of the problems encountered when data is encrypted is that somehow the encryption key has to be known by both parties. This creates a problem because the encryption key has to be sent unencrypted, or encrypted by some other encryption technique. However, this means that if the other encryption technique has already been cracked then the new key will be immediately known. Public key cryptography, also known as asymmetric cryptography, overcomes this problem. This algorithm is employed by SSL encryption, which is used for many banking sites and to verify passwords for email. It uses two keys: one is used to encrypt the message and the other is used to decrypt it. Therefore only one key needs to be made public, and the other can be kept private. The public key can be used by anyone to encrypt a message, but it can only be decrypted with the private key. This increases the overall security of the encryption algorithm.

Thursday, February 5, 2009

Removing the Nav Bar



How many of you have been annoyed by the navigation bar at the top of your blog? In my opinion, it just takes away from our blogs. Being a computer science guy, I knew that there had to be a simple solution to removing it. After a bit of research I found out that a simple CSS definition would work quite nicely in this situation.
For those of you who don't know what CSS is, it is simply an extension to HTML or any kind of XML document that allows for changes to the way a web page is laid out. In this case we will use it to remove the annoying navigation bar. Now that we know what CSS is, how do we implement it?
Obviously, you must first log in to your Blogger account. Under the section titled Manage Blogs, click on Layout. Near the top you will find four options: Page Elements, Fonts and Colors, Edit HTML, and Pick New Template. What we are interested in is editing HTML, so click on that link and it will take you to the HTML layout of your blog. If you have never seen HTML before, what is laid out on the page before you may seem like gibberish, but have no worries, for what you are going to do is simply paste a bit of code just above the variable definitions. Search for /* Variable definitions and paste this code above it:

#navbar-iframe {
display: none !important;
}

Click on preview to make sure it works and then save template. That's it, you're done!

Monday, February 2, 2009

Windows 7: The answers to the problems of Vista?



Let's face it, Windows Vista is not what it was hyped to be. Perhaps it may not be as bad as Windows ME (it only lasted for a year and was quickly replaced by Windows XP), but it definitely does not deliver in terms of speed and performance when used with the exact same hardware. Actually, Windows 98 performed better than Vista, so what gives? (Actual benchmark tests are available here.)
What many people don't realize is that sometimes speed isn't everything. Windows Vista is much more secure than XP, due to the inclusion of Windows Defender to prevent spyware and other threats. The internal workings of Vista were changed to prevent the ongoing problems Windows XP had with buffer overflows, which present a significant security risk. So it seems like Windows Vista is the clear choice? Well, not exactly. Due to the high system requirements, some people found that updating to Vista was impossible without upgrading or replacing their entire system. Others who upgraded with the minimum specifications found that Vista was much slower than XP. Windows 7 promises to be more efficient and easier to use.
Nowadays, most computers are dual-core or even quad-core. Engineers were no longer able to make a computer chip any smaller or faster due to heat concerns, so they integrated two or more chips into one; essentially, data is processed by two chips at once. While this offers a significant increase in speed, neither Windows Vista nor XP is designed to efficiently take advantage of these multi-core machines. Windows 7 will have some minor tweaks that add flexibility to the scheduling of processes, thus allowing it to use these multiple cores more efficiently. Combine that with an improved user interface and perhaps Windows 7 will finally be able to replace Vista, so that downgrading to XP will no longer be necessary. Until then, my computer with XP and some independent security software suits me just fine.