Reducing the risk of a computer system attack can be achieved by making the system secure. But what is a secure computer system? Computer security is about lowering the risk of the system and ensuring that something can not happen rather than it can i.e. certain users can not access the word document. Security is also about control and creating layers of defence to reduce the risk of a malicious attack. A secure computer system is a system which achieves the three goals of computer security: confidentiality, integrity and availability.

The chances of a confidentiality breach in a system increases when access to the system is not monitored (through logs) or restricted (through ID and password or a biometric method) this leaves several vulnerabilities in the system ie if there is a breach not only is it easy to get into with no login there is no way of telling who attempted or when. Therefore by creating a barrier and restricting access the likelihood of someone entering the system will be reduced. Another example is patients’ records in a hospital, where security is imperative. Security would need to ensure that only authorised persons can access the protected data.

Integrity of the system is essential in relation to risk. Much like confidentiality, integrity of data is best kept by controlling who or what can access the data and in what ways. It involves keeping the data “original” and modified in acceptable ways by the correct people and processes. The example of a hospital environment can be used again since it is important that patient records are kept accurate when making medical decisions. The risk of an intruder entering the system and committing computer fraud, ie: altering patient details, is high unless protective barriers are created.

Availability is the final layer of security: the system must be in working order and usable. Availability focuses on the readiness of the system to perform and its capacity (items such as memory and connection speeds). If there is unavailability in the system or if some or all users are unable to access the system and perform required tasks efficiently and effectively (even authorised users) then the system is still at risk.

Having said this it is impossible to achieve one hundred percent security in today’s complex computer environments. Instead most security systems, specifically malware detection or ‘virus’ software such as Norton Anti-Virus focus on the idea of cutting the risk of being attacked. By building up protective layers to deter the attacker the security works on a “rob the next door” theory. This means that if the system has a lot of protection layers then the attacker will find it too difficult to compromise the system and instead will try another computer or ‘next door’.

Security plays an important role in our every day life and therefore failures of a security system have damaging effects. An example of this is Microsoft’s operating system called Microsoft XP which was released in 2001. The new operating system was a good target for attackers and Microsoft had been scrutinised for its lack of security in the system. The system had poor security this meant there were a lot of vulnerabilities or holes in the system and the risk of an attack compromising the systems data increased. In 2004 an update was released called Service Pack Two.  Microsoft spent nearly US1 billion dollars creating this service pack proving the importance of security in computers. (Linn, 2004)

The definition of risk includes the impact of the attack. The impact of an attack has a range of consequences from endangering people’s lives and the environment such as a nuclear control stations to economic and monetary effects such as bank systems and home computers. This makes security a very important matter.

Security is important because it keeps a computer functioning. We (as computer users) need to ensure that a regular virus scans are performed and importantly regularly download the virus definition updates. In doing this any known vulnerabilites existing in the computer are minimised and therefore decreases the risk of a malicious attack. From this we can see that security is a way of reducing the probability of a threat.

Security is focused on creating layers. An obstacle course for attackers which means they have to hop and climb over and hopefully will give up and attack another computer, making it another person’s problem. Minimising risk is an important goal in achieving a secure system. It is important that whilst creating a secure system the system is not put into a lock down state. This creates a system with no functionality or usability and by definition not a secure system. It is important that users of computer systems stay informed and are aware of how to protect there systems. Microsoft’s new operating system Vista has promised new and exciting features, hopefully it will not be a repeat of Windows XP and its security problems and we can work with secure, functional and easy to use systems.

Microsoft informed a company that based on its calculations, it estimates the company should have more software licenses than Microsoft’s customer record shows.

The proposed situation shows an ongoing problem, the copying and sharing of software and music over the internet is a problem which software vendors and the music industry have been dealing with for over 10 years.

The lack of software licenses that Microsoft does not have relates to the copying and sharing of software. An approach to reduce copying of software would be to enforce the update that Microsoft released in its ‘automatic’ updates. The Windows Genuine Advantage (WGA) is a program that rewards legal use of Windows XP free content and punishing resellers and users of illegal copies of XP by limiting their access to security fixes, downloads and other updates.

To calculate risk exposure the risk impact is multiplied by the risk probability.

A journal article on Proquest states that the estimated annual loss on counterfeit copies of Microsoft products is 30 billion dollars. The risk of someone downloading a copy of Microsoft software is hard to calculate but assume there is a 50% chance (which in reality is much greater) this calculates to a risk exposure of 15 billion dollars. This essentially means that any money spent bellow 15 billion dollars is a worthwhile investment in reducing the risk of the public obtaining Microsoft’s software. This means Microsoft has 15 billion dollars to avoid the risk such as changing requirements for obtaining a software license, transfer the risk by allocating the risk to other people or systems. Finally Microsoft could assume the risk by accepting the loss.

An approach to reduce copying would be to reduce the availability of downloading copied software. This is a very difficult as just as a p2p software company get sued and shutdown. New reincarnations of the old software appear which gains popularity examples include Napster, KaZaa, Morpheus and Grokster. By reducing the variety of methods available for downloading illegal software Microsoft would reduce the risk of new users joining the many people downloading illegal software.

Email is a cost effective form of communication both for business and for individual users.  Spam is a term used to refer to unsolicited email, sent by spammers. Spam is a major problem this is evident in the large amounts of spam email that is sent everyday. For example a large ESP (email service provider) such as hotmail can receive up to one billion spam email messages a day. The threat spam email creates can be placed into four main categories: loss in productivity, increased potential to virus attack, reduced bandwidth issues and potential legal exposure. This report will discuss how spam email can be controlled from both an individual and a business perspective. Spam email makes up approximately 80% of email messages received creating a large burden on ESPs and end users worldwide. (Messaging Anti-Abuse Working Group, 2006)

The main method of controlling spam email for both individual users and organisations is through machine learning systems, which can be seen in figure 1.1. Controlling spam is not a static issue spam protection methods must be constantly updated and changed. Most forms of spam protection begin with a filter which separates incoming mail into two folders. The filter operates from learnt memory or a blacklist, the filter puts the mail into the quarantine box if on the blacklist or into the inbox if considered genuine email. If spam mail is placed into the inbox, users have the ability to place the mail onto the blacklist adding to the accuracy of what is regarded as spam. If spam mail does get into the inbox recipients of spam or suspected spam it is important that end users don not open the email and do not click any links. Even if a html link refers to opting out or unsubscribing as this only confirms the email address is ‘alive’ and the spammer will send more nuisance email.

Memory has to constantly keep learning what is ‘good’ and ‘bad’ email. Spammers are not idle whilst machines are learning new ways of fighting against spam must be created. For example more sophisticated learning algorithms which give a weighting for each word in an email message. This allows a new filter to be learnt from scratch in about an hour even when training on more than a million messages. Spammers got around new filters changing the common words such as ‘sex’ and ‘free’ which are regarded as having a heavy weighting and encoding them as HTML ACSII characters ie (fr&#101xe) this allows the user to still see the words but computers can not detect the words and the email is incorrectly classified and placed into the inbox.

Most organisations have internally managed spam filters but spending extra money on spam control by outsourcing email security has many benefits. Spam messages do not simply stop because the 9 till 5 IT staff have gone home. If a new spam threat is identified at night the damage can be done long before IT staff arrive. If organisations join together support can be provided in a much more cost effective manner. Organizations such as the Messaging Anti-Abuse Working Group (MAAWG) have been created to fight against spam focusing on a collaborative effort. MAAWG incorporates major Internet Service Providers (ISP) and network operators worldwide with other associated industry vendors such as google and yahoo. Fighting against spam together allows black lists to monitored, upgraded and maintained just as quickly if not quicker than spammers can create new attacks.

Securing computers with virus and spyware software is a way which spam can be reduced. This minimises the amount of spam email sent using the common technique of creating zombie machine or botnets. Computers which are owned by end-users are infected with viruses or Trojans that give spammers full control of the machine, which are then used to send spam. The spammer’s methods used to send the email is very sophisticated and results in email, even with blocked port 25 (outgoing email port), to be sent out.

Another way spam email can be reduced is disguising email addresses on forums or bulletin boards. This makes it more expensive for a spammer to send emails. As more money is needed to gather valid email addresses. This will help in achieving the goal of making the cost of sending spam email below break even point ie the money gained from sending spam is less than the cost of sending it.

In addition to having spam filtering on a high level end users can create there own personal levels of filtering. The majority of email clients not only have junk mail folders but folder rules can be created which allow email to be sorted into folders specifying words, senders or subject line. This can help keep spam out of sight and become less of a nuisance.

Technology is just about everywhere and as time progresses the advancement of technology is creating new problems making it harder to create a true secure environment. Computers are devices used to solve practical problems which makes them part of technology. Changes in technology create risks that are almost impossible to predict and are not understood. With almost all pieces of technology a new security issue or vulnerability is created. With that change an attacker will think of a way to act upon the vulnerability and compromise the system.

Data security has always been an issue and in the earlier days of computers with diskettes the focus was on confidentiality, integrity and availability and has never changed. The recent thumb drive boom is an example of a hardware technology affecting the methods of securing a system. Thumb drives give thieves or attackers the ability to move a large chunk of data virtually undetected and enables them to install malicious software. To combat this problem organisations have banned their use or disabled their mounting by ordinary users, others have disconnected physically the USB ports inside the computers and even filling the USB sockets with epoxy glue these new methods of solving a data security issue have adapted as demand grew for thumb drives and security problems became evident.

As technology alters (for hopefully the better) attacker do as well. With each new release of technology vulnerabilities on a system are created and this creates targets for attackers. This is most likely due to the fact that no amount of prototyping can compare with having the new technology functioning in the real world. This is evident in 2001 when Microsoft released its new operating system XP. For a number of years Microsoft was criticised for lack of security features (such as poor firewall and spyware protection) it took almost three years for an update to be released. In the three years that security was not available; vulnerabilities were discovered and acted upon which made ActiveX, which is an update which allows Microsoft to communicate with other networks, to spread viruses, trojan horses and other malware

It is important to not that not all changes in technology affect security or the methods of security. In a recent press release by Intel a new processor family called Mobile Penryn was released. These processors have quad cores (four) are twenty five per cent smaller and achieve faster speeds (have large cache) on less power staggering achievements on all accounts. This advancement in technology is probably not going to create hugely noticeable security issues since it is fundamentally just increasing the speed of the processor.

What does this mean for us? Maybe new names for new breeds of security systems and malware, the line between the different types of malware have become quite thin. What we do know though is the principles applied to making a system safe, confidentiality, integrity and availability have not been affected by technology. Instead the methods of achieving a secure system have been shaped by the constantly altering computer environment we live in.

Vulnerabilities in a system create risks; risk management is about avoiding, transferring or assuming these risks. Risk management must also take the context of where the system is being used for example a one hundred thousand dollar security system is useless in a home network since a home network would not cost anywhere near that figure. If too little control is implemented to reduce risk then the system will become insecure and have a high risk of being attacked. If too much security is implemented then system functionality and usability will reduce. Risk management becomes a three way see-saw balance, if just one security element is focused on then the system will lack in one or both of the other elements but if a balance of all three elements are used then the system can become a secure, functional and easy to use. To reduce potential threats security software is installed on machines. Since all computer systems setups are different the defaults that virus and firewall programs have are simply not enough for effective security. Users must protect themselves, a virus and firewall program my have all the needed functionalities of setting up a secure computer. A recent survey but the American Online and National Cyber Security Alliance found that out of 329 homes 67% either had no anti-virus software on their system at all or had not updated it within the previous week. These statistics show that knowledge of how to protect your computer from malware is poor. Consequently if user can find, understand and use the security features imbedded in the software by having good usability the user will utilize the full functionality of the software and create a secure system.

Focusing heavily on a secure system reduces the functionality and usability of the system. For example having a complete firewall block of incoming and outgoing data makes the system very secure since no harmful data can get in. The firewall cuts of any internet of network connections that the computer might have had. The functionality of the network and internet connection still exists but because of the firewall block the usability of the network is non existent. Therefore if there is a heavy focus on the security of a system poor usability is created and through poor usability the functionality of the computer is drastically reduced as the user can only perform offline tasks this can be seen on the graph below.

Level of Security versus Usability or functionality

Figure 1 illustrates the negative correlation between: Usability and Security or Functionality and Security. Either the system has high functionality or usability but runs a risk of being attacked. The figure illustrates the trade off between the two sets of variables a high level of security will create a lower level of usability or functionality.

Focusing heavily on a functional and usable system can lead to a decrease in the security of the system. It could be argued that a functional and usable system would be a system which has no virus software or firewall at all and ignore the risk of an attack. Initially this could be a valid argument but after virus’ and other malware have made there way on to the system usability and the functionality of the system would slowly disintegrate. An intermediate spot needs to be found were the user is happy with the functionality and usability of the system but is not compromising on security.

Honey pots are used as additional levels of security, decoys which simulate networked computer systems designed to attract a hacker’s attention so they perform a malicious attack, honeypots can be either virtual or physical machines. Forensic information which is gathered from the compromised machine/s is often required to aid in the prosecution of intruders. It also gains an insight into the mind of an intruder, logs and other records on the machine which explain how the intruders probes and, if they were successful in entering the system, how they gained access. This information is very valuable and can be used as a learning tool for network administrators when designing creating or updating the computer system as are able to better protect the real neighbouring network systems because they are aware of exactly how common attacks occur. This report will discuss how honeypots are used and the types of malicious attacks that they can prevent. Honeypots place virtual machines at the unallocated addresses of a network from a single machine. The unallocated addresses appear as machines which have been placed on internet protocol (IP) addresses. Honeypots have the ability to place any operating system an IP address. Honeypots simulate the network stack behaviour (how the packets are encapsulated) of a given operating system, through the personality engine. Changes in the protocol headers of every outgoing packet match the characteristics of the operating system. This makes the machines appear genuine and is therefore desirable to attackers. because the network appears genuine the network could potentially confuse and be deterred by the virtual honeypots, as it could appear to large and to complex, furthermore any traffic on a honeypot machine gives early warning of attacks on other physical machines.

Honeypots also have the ability to redirect traffic or connections. This gives powerful control over the network and also makes the virtual network appear genuine. Redirection allows a request for a service on a virtual honeypot to be forwarded onto a service running on a real server. For example connections can be reflected back, this gives the potentially means a hacker could attack there own machine.

Honeypots are excellent tools when attempting to intercept traffic from computer users that randomly scan the network. Because of this honeypots are excellent at detecting malicious internet worms that use random scanning for new targets examples of these include Blaster, Code Red and Slammer. Once a worm has been found counter measures can be carried out against infected machines. Once the honeypot recognises a worm, virtual gateways block the worm from entering any further into the network.

Through the use of honeypots spam sending methods can be learnt and therefore spam can be reduced. Spammers use open mail relay and proxy servers to send spam to disguise the sender of the spam message. Honeypots can be used to understand how spammers operate and to automate the identification of incoming spam which can then be submitted to shared spam filters.

Honeypots are decoy servers that can be setup inside or outside of the demilitarised zone (DMZ) of a network firewall. If the honeypot computer is infected with a virus or Trojan, damaged can be created on other machines in the network and the virus could spread onto the ‘real’ system. As discussed, honeypots can help analyse current spamming methods. Honeypots also have the potential to add to the amount of spam email sent. Machines could become zombie machines or botnets which send out spam email automatically without user’s knowledge. Due to these issues it is important that honeypots are setup inside of the firewall for control purposes or are closely monitored. Otherwise the negatives may outweigh the positives.

Honeypots can be used as a tool when creating new methods of securing systems from malicious attacks. For example the program called BackTracker enables system administrators to analysis intrusions on their system. Honeypots were used to test how effective BackTracker was at analysis. The aid of effective and accurate testing is essential in creating any new system. Through the use of honeypots, programs such as BackTracker can be tested in a simulated scenario and then improved to ensure the system can efficiently and effectively work in the appropriate manner.

Watson, D. (2007, Jan) Honeynets: a tool for counterintelligence in online security

Network Security. Kidlington: (2007)1; 4

Nikolaidis, Ioanis (2003, June). Honeypots, Tracking Hackers. IEEE network (0890-8044), 17 (4); 5

King (2005). Backtracking intrusions. ACM transactions on computer systems (0734-2071), 23 (1); 51.