Computer security is the process of preventing and detecting
intrusions into your computer system. Prevention measures help you
keep intruders from accessing any part of your computer
system. Detection helps you to determine whether or not someone
attempted to break into your system, whether or not they were
successful, and what they may have done.
We now use computers for everything from banking and investing to
shopping and communicating with others through email or chat programs.
Although you may not consider your communications "top secret," you
probably do not want strangers reading your email, using your
computer to attack other systems, sending forged email from your
computer, or examining personal information such as financial
statements.
Unauthorised people who try to break into computers, either in a
local network or using the Internet, are called intruders. They may not
care about your identity. Often they want to gain control of your
computer so they can use it to launch attacks on other computer
systems. Having control of your computer gives them the ability to
hide their true location as they launch attacks, often against
high-profile computer systems such as government or financial
systems. Even if you have a computer connected to the Internet only to
play the latest games or to send email to friends and family, your
computer may be a target.
Other intruders cause trouble by reformatting your hard drive,
changing your data, or watching all your actions on the computer.
Unfortunately, intruders are always discovering new vulnerabilities
(informally called "holes") to exploit in computer software. The
complexity of software makes it increasingly difficult to fully test.
When holes are discovered, computer vendors will make patches to fix
them. However, it is up to the user to find and install the patches.
Most of the incident reports of computer break-ins received at CERT/CC and
AusCERT could have been prevented if system administrators and users kept
patches up to date.
Also, some software applications have default settings that allow
other users to access your system unless you reconfigure the
settings. Examples include chat programs that let outsiders execute
commands on your system or Web browsers that could allow someone to
place harmful programs on your computer that run when you click on
them.
On Windows systems, two tools commonly used by intruders are
Back Orifice and Netbus. These are known as back door or remote
administration programs; once installed, they allow other people to
access and control your computer. We recommend that you review the
CERT vulnerability note about Back Orifice. This document describes
how it works, how to detect it, and how to protect your systems from
it:
The following ISS X-force advisory discusses Back Orifice and
Netbus.
Another form of attack is called a Denial of Service (DoS) attack.
This type of attack causes your computer to crash or to become so
overloaded that you are unable to use it. In most cases, the latest
patches will prevent the attack. The following document describes
Denial of Service attacks in greater detail.
The best way to secure your computer is to prevent intruders from
attacking your system in the first place. To do this, install current
patches for your operating system and your applications. Beyond
patches, be aware of the types of attacks and vulnerabilities used by
intruders, install only the applications you really need, and back up
your data regularly.
With the increasing use of digital subscriber line (xDSL) connections
and cable modems, more home computers are constantly connected to the
Internet. Consider setting up a firewall to prevent intruders from
breaking into your computer. A simple firewall for home use could be
put together using an old 486 computer (very cheap) running Linux
(free). The following document discusses how to set up a firewall with
Linux.
Computer viruses are another widespread problem. They spread
easily through floppy disks, email, or by programs downloaded from the
Internet. They can cause problems ranging from reformatting your hard
drive to changing data. Once created, viruses spread without help from
their creators. You can get them from people at the office, using
computers at school, or in a document emailed to you by a friend.
To protect yourself, we recommend that you install a virus
scanning/detecting/cleaning program. The following Computer Virus
Resources document has a number of links to information about computer
viruses, hoaxes, and chain letters.
Once you start using a virus detection/prevention program, it is
very important to keep it up to date. New viruses are continuously
created, and vendors of virus detection software offer updates to
detect them. To get the latest updates, check the manuals or the
vendor web page. Some virus detection software offers methods to
automatically get the updates via the Internet.
Unfortunately, Windows 95/98 does not have a good way to track who
logs into your computer and what files they may have accessed. (If
this is a problem for you, see "What if I need a more
secure system?") However, to monitor your system for possible
intrusion, you can install software that watches for attempts to
connect to your computer. One example of this type of application is
called NukeNabber. NukeNabber is used to listen on TCP and UDP ports
-- connection points that are commonly attacked over the Internet.
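A minimal sketch of what a connection-attempt monitor of this kind does, added here as an example (it is not NukeNabber's code and not part of the original document): it listens on otherwise unused TCP and UDP ports and records who tried to connect. The class name and the port numbers are assumptions chosen for illustration.

```python
import selectors
import socket
import time

class ConnectionWatcher:
    """Listen on otherwise unused ports and record every connection attempt."""

    def __init__(self, host, tcp_ports, udp_ports=()):
        self.sel = selectors.DefaultSelector()
        self.events = []   # (timestamp, protocol, local port, peer address)
        self.bound = []    # (protocol, port) pairs actually bound
        for proto, kind, ports in (("tcp", socket.SOCK_STREAM, tcp_ports),
                                   ("udp", socket.SOCK_DGRAM, udp_ports)):
            for port in ports:
                s = socket.socket(socket.AF_INET, kind)
                s.bind((host, port))
                if proto == "tcp":
                    s.listen(5)
                s.setblocking(False)
                self.sel.register(s, selectors.EVENT_READ, proto)
                self.bound.append((proto, s.getsockname()[1]))

    def poll(self, timeout=1.0):
        """Handle pending attempts; return the events recorded by this call."""
        new = []
        for key, _ in self.sel.select(timeout):
            sock, proto = key.fileobj, key.data
            if proto == "tcp":
                conn, peer = sock.accept()
                conn.close()                   # never read from or answer the peer
            else:
                _, peer = sock.recvfrom(2048)  # payload is discarded, not parsed
            new.append((time.strftime("%Y-%m-%d %H:%M:%S"), proto,
                        sock.getsockname()[1], peer[0]))
        self.events.extend(new)
        return new

    def close(self):
        for key in list(self.sel.get_map().values()):
            self.sel.unregister(key.fileobj)
            key.fileobj.close()
        self.sel.close()

if __name__ == "__main__":
    # Constructed port numbers; choose ports that no real service on the machine uses.
    watcher = ConnectionWatcher("0.0.0.0", tcp_ports=[5001, 5002], udp_ports=[5003])
    while True:  # stop with Ctrl-C
        for stamp, proto, port, ip in watcher.poll():
            print(f"{stamp} {proto.upper()} connection attempt on port {port} from {ip}")
```

Because nothing legitimate should ever contact these ports, every recorded event is worth a look; the monitor only logs and closes, so it does not block the attempt itself.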
Some vendors offer a mailing list service that automatically sends
you mail when updates become available. Look on your vendor's Web site
for information about automatic notification. If no mailing list is
offered you may need to check periodically for updates.
There have been a number of attacks in which email was sent to
users saying to apply the attached patch. This "patch" in reality was
a Trojan horse program. Generally vendors do not email patches to
customers, but they will alert customers that patches are available
from the vendor web site. If you ever receive email saying to run
the attached file to install a patch, you should instead go to the
vendor's web page and download the patch if one really exists.
If you have data on your system that you would like to keep more
secure than Windows 95/98 allows, choose another operating system that
offers better security. Consider using Microsoft Windows NT or a
version of Unix.
For more information about configuring an NT system, see our NT
Configuration Guidelines.
For more information about configuring UNIX systems, see our UNIX
configuration guidelines.
One of the most commonly reported problems related to Microsoft
Office is malicious macros. A legitimate macro is a piece of code
that helps users perform complex or repetitive tasks with just a small
number of keystrokes. Unfortunately, a new type of virus emerged
known as a "macro virus." These macro viruses are found in Word or
Excel documents and perform destructive tasks. They can also spread to
other documents and contaminate other computers. Many virus detection
programs detect and purge macro viruses.
There has been an increasing use of chat programs which let many
users connected to the Internet communicate with each other. Some of
the programs have features such as "backdoors" that let malicious
users run commands or install applications on your
computer. Frequently, these programs are insecurely configured by
default, so before connecting to chat rooms be sure to configure your
chat program appropriately.
Web browsers store pieces of information called "cookies" on your
computer. Although these are meant to be a useful tool, they can also
be used to gather information about your browsing habits, favorite
sites, etc. It is possible to change the settings to notify you of the
cookies being written to your computer or to completely disable
cookies. The following CIAC Information Bulletin has further
information on Internet cookies.
There have also been reports of problems with Java, JavaScript, and
ActiveX. These are programming languages that let Web developers
write code that is executed by your Web browser. Although the code is
generally useful, it can be used by intruders to gather information
such as the Web sites you visit or to run malicious code on your
computer. It is possible to disable Java, JavaScript and ActiveX in
your Web browser. We recommend that you do so if you are browsing Web
sites that you do not know or trust. More information is available in
these documents:
http://www.cert.org/advisories/CA-2000-02.html
ftp://ftp.auscert.org.au/pub/auscert/ESB/ESB-2000.025
http://www.microsoft.com/security/bulletins/ms99-032.asp
http://www.cert.org/vul_notes/VN-98.06.ms_jscript.html
Another security issue to be aware of is sites that require a
password to enter them. We recommend that you do not use the same
passwords at these sites that you use to access any other systems at
your office or home. The systems used to store the usernames and
passwords may not be secure.
There are various security issues to be aware of when you use
email. First, messages you send pass through many computers across the
Internet. Any one of these systems could have someone reading the mail
that passes through it. To prevent strangers from reading your email,
the best method is to encrypt your messages. The most popular method
to encrypt email is to use a program called Pretty Good Privacy (PGP)
or GNU Privacy Guard (GnuPG). These programs offer many options for
encrypting files. Some email programs also offer easy methods for
encrypting and decrypting messages within the application. For
further information about GnuPG and PGP, visit the following Web
sites.
GnuPG:
http://www.gnupg.org/
PGP:
http://www.pgp.com/
PGP Australian mirror: ftp://ftp.auscert.org.au/pub/mirrors/ftp.master.pgp.net/crypto/pgp/
Secondly, email attachments (such as executable programs, MS Word
documents, or other file types) may hide a virus. In most cases,
malicious attachments install a computer virus. This is another reason
to install a good virus detection program on your system. Other
attachments, when opened, could start malicious code running on your
computer.
Third, email can be forged to look like it was sent by someone you
trust, but it was really sent by a malicious user. This forged email
may ask you to change configurations or to send information that
would make it easier for an intruder to break into your system.
Further information can be found in the following document.
Wingate is a popular package that allows a number of computers on a
LAN to share a single Internet address. Wingate could be configured
to allow an intruder to use a Wingate server to conceal their true
location. Further information can be found in the following
vulnerability note.
Do not assume that your system won't be attacked "because my computer
doesn't contain anything important". If your system is connected to a
network, it may be of interest to an intruder, either because it could
be used to attack another victim using your computer, or simply
because you were unlucky in an indiscriminate attack.
The following document explains steps for recovering from a UNIX or
NT system compromise.
We strongly urge you to encrypt sensitive information sent by
email. Our public PGP key is available from
subscribe cert-advisory
* "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
Copyright 2000 Carnegie Mellon University.
Why should I care about computer security?
Who would want to break into my computer at home?
How easy is it to break into my computer?
What type of threats are out there?
Trojan Horse
Trojan horse programs are a common way for intruders to trick you into
installing "back door" programs that allow intruders easy access to
your system without your knowledge, change system configurations, or
infect your computer with a computer virus. Further information about
Trojan horses can be found in the following document.
Back Door and Remote Administration Programs
Denial of Service
What can I do to better secure a computer running Windows 95/98?
Prevention
Virus Protection
Monitoring activity on your system
Where can I get updates and patches?
Windows 95
Windows 98
Microsoft Office
Internet Explorer
Netscape
Other sources for updates and patches
How do I find out if there is a new patch for an application?
What if I need a more secure system?
http://www.microsoft.com/ntworkstation
http://www.ugu.com/sui/ugu/show?ugu.flavors
http://www.linux.org/
What security concerns are there with...
MS Office?
MS Chat? mIRC? Chat Programs?
Netscape? Microsoft Internet Explorer?
Email?
Wingate?
Where else can I get information about computer security?
http://www.auscert.org.au/
http://www.cert.org/
http://www.microsoft.com/security
In what locations should I be concerned about computer security?
What if my computer is broken into?
This document is available from:
http://www.cert.org/tech_tips/win-95-info.html
CERT/CC Contact Information
Email: cert@cert.org
CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)
Monday through Friday; they are on call for emergencies during other
hours, on U.S. holidays, and on weekends.
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.
Using encryption
Getting security information
CERT publications and other security information are available from
our web site
NO WARRANTY
Any material furnished by Carnegie Mellon University and the
Software Engineering Institute is furnished on an "as is"
basis. Carnegie Mellon University makes no warranties of any kind,
either expressed or implied as to any matter including, but not
limited to, warranty of fitness for a particular purpose or
merchantability, exclusivity or results obtained from use of the
material. Carnegie Mellon University does not make any warranty of any
kind with respect to freedom from patent, trademark, or copyright
infringement.
Conditions for use, disclaimers, and sponsorship information
Revision History
April 17, 2000: Initial Release