Lightspeed Consulting's

Computer Security Primer

The table below is an action-reaction chart showing how attacks are carried out and what can be done to prevent them.

| Origin   | Vector                 | Attack                                                                  | Defense                                                                                                                                                                                                                                                                                                                                                                                                               |
|----------|------------------------|-------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Internal | At console             | Password cracking                                                       | Unbreakable passwords and strict login policies                                                                                                                                                                                                                                                                                                                                                                      |
| Internal | At workstation         | Rlogin support                                                          | Rlogin restricted or disabled                                                                                                                                                                                                                                                                                                                                                                                         |
| Internal | At workstation         | Password cracking                                                       | Unbreakable passwords and strict login policies                                                                                                                                                                                                                                                                                                                                                                      |
| External | Via modem              | Rlogin support                                                          | Rlogin restricted or disabled, call-back policy                                                                                                                                                                                                                                                                                                                                                                      |
| External | Via modem              | Password cracking                                                       | Unbreakable passwords and strict login policies                                                                                                                                                                                                                                                                                                                                                                      |
| External | Via network connection | Port scanning (seeking open ports to attack)                            | Strict firewall policies                                                                                                                                                                                                                                                                                                                                                                                              |
| External | Via network connection | Distributed Denial of Service and other packet flood methods            | Monitored routing with automated port swapping                                                                                                                                                                                                                                                                                                                                                                        |
| External | Via network connection | Buffer overrun (taking advantage of outdated software components)       | Software component upgrade policies and constant monitoring of new component releases                                                                                                                                                                                                                                                                                                                                 |
| External | Via network connection | Authorized uploads: Active-X components, Trojan horses, viruses, scripts, email | Limited upload authorization, virus scanning, and upload isolation policies                                                                                                                                                                                                                                                                                                                                     |
| External | Via proximity          | Electro-magnetic pulse (fusion; requires atomic detonation)             | Electro-magnetic pulse shielding (lead shielded components and data pathways); redundant data paths (multiple cable system with checksum error switching); redundant critical operation elements (all critical computing elements are redundantly attached so that an error in one device causes the output of another to be used); electro-magnetic pulse cancellation system (same theory as a noise cancellation system but with magnetic drivers and sensors) |
| External | Via proximity          | Electro-magnetic pulse (electrical; high amplitude wide range radio frequency pulse) | Same defenses as the fusion pulse row above                                                                                                                                                                                                                                                                                                                                                               |

Glossary and explanations

Password cracking: Password cracking programs are a brute-force method of repeatedly attempting to log in using common words and combinations of words. The most sophisticated programs use a dictionary to assemble possible letter combinations and run for hours or even weeks. A good login policy will restrict an account after a few failed attempts and require all passwords to be fairly complicated.
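The two controls named above, restriction after a few failed attempts and a complexity requirement, as an added example written for this primer rather than Lightspeed Consulting's own code. The failure threshold, the lockout window, the complexity rule and the PBKDF2 parameters are assumptions chosen for the demonstration.

```python
"""Login policy sketch for the password-cracking row: lock an account after a
few failed attempts and require complicated passwords. Added example, not
Lightspeed Consulting's code; thresholds and hash parameters are assumptions."""
import hashlib
import hmac
import os
import re
import time
from collections import defaultdict

MAX_FAILURES = 5           # assumption: restrict after five consecutive failures
LOCKOUT_SECONDS = 15 * 60  # assumption: fifteen-minute restriction


def hash_password(password: str, salt=None) -> tuple:
    """Salted PBKDF2 so a stolen credential store does not hand over passwords."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def password_is_complicated(password: str) -> bool:
    """Assumed rule: at least 12 characters drawn from three of four classes."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(password) >= 12 and sum(bool(re.search(c, password)) for c in classes) >= 3


class LoginPolicy:
    def __init__(self, credentials: dict, clock=time.monotonic):
        self.credentials = credentials   # account -> (salt, digest)
        self.clock = clock               # injectable so the lockout window can be tested
        self.failures = defaultdict(int)
        self.locked_until = {}

    def attempt(self, account: str, password: str) -> str:
        now = self.clock()
        if self.locked_until.get(account, 0) > now:
            return "locked"              # refuse before checking the password at all
        stored = self.credentials.get(account)
        if stored is not None:
            salt, digest = stored
            if hmac.compare_digest(hash_password(password, salt)[1], digest):
                self.failures[account] = 0
                return "ok"
        self.failures[account] += 1      # unknown accounts are counted and answered identically
        if self.failures[account] >= MAX_FAILURES:
            self.locked_until[account] = now + LOCKOUT_SECONDS
            self.failures[account] = 0
            return "locked"
        return "denied"
```

The lock is checked before the password, so a guessing program gets no signal from a locked account even when it finally hits the right word.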
Rlogin support: Rlogin (remote login) is a service that allows authorized remote users to log in as if they were at the console of a system. In many cases it can be disabled completely, requiring administrators to be physically at the machine. When this is not possible, rlogin should be severely restricted so that remote administrators must log in from known machines or locations, or using specific credentials and protocols such as IPsec or a VPN.
Port scanning: Port scanning is the process of looking for holes in a system. A port scanner usually knows what to send to a specific port and how that port will reply if it is open. Some ports must remain open for specific services to run (such as HTTP, FTP and email), but most of the 65000 ports on any given computer should be blocked. This is where a firewall helps: it blocks traffic from ever reaching the computer on ports that are not needed to conduct business.
Packet floods: Packet floods and Distributed Denial of Service attacks send a vast amount of traffic to a specific computer or subnet, thereby limiting its ability to respond to valid traffic. Today's smart routers can recognize a packet flood and block traffic from specific addresses so that most valid traffic can still reach the computer or subnet. These "smart" routers are more expensive but worth the investment.
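The recognition step a "smart" router performs, as an added example not taken from the primer: a per-source sliding-window packet count over constructed log lines, flagging only the addresses that exceed the rate so everyone else keeps flowing. The log format, the one-second window, the 50 packets/s threshold and the RFC 5737 sample addresses are assumptions.

```python
"""Flood detection over constructed router log lines: flag the source
addresses whose packet rate exceeds a threshold, leave the rest alone. Added
example, not Lightspeed Consulting's code; format and limits are assumptions."""
import re
from collections import defaultdict, deque

LINE = re.compile(r"^(?P<t>\d+(?:\.\d+)?) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)")
WINDOW_SECONDS = 1.0    # assumption: rate measured over a one-second window
THRESHOLD = 50          # assumption: more than 50 packets per window is a flood


def parse(line: str):
    """Return (timestamp, src, dst) or None for a line that does not fit the format."""
    m = LINE.match(line)
    return (float(m["t"]), m["src"], m["dst"]) if m else None


def flood_sources(lines, window=WINDOW_SECONDS, threshold=THRESHOLD) -> set:
    """Sources that exceeded `threshold` packets within `window` seconds at any point."""
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    flagged = set()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue              # skip malformed lines rather than stall the monitor
        t, src, _ = rec
        q = recent[src]
        q.append(t)
        while q and t - q[0] > window:
            q.popleft()           # drop packets that have aged out of the window
        if len(q) > threshold:
            flagged.add(src)
    return flagged


def make_sample_log() -> list:
    """Constructed sample: one flooding source and two normal clients."""
    lines = []
    for i in range(120):          # 120 packets in 0.6 s from the flooder
        lines.append(f"{1000 + i * 0.005:.3f} src=203.0.113.9 dst=192.0.2.10 proto=udp")
    for i in range(10):           # normal clients send about ten packets per second
        lines.append(f"{1000 + i * 0.1:.3f} src=198.51.100.7 dst=192.0.2.10 proto=tcp")
        lines.append(f"{1000 + i * 0.1:.3f} src=198.51.100.8 dst=192.0.2.10 proto=tcp")
    lines.append("garbage line the parser should skip")
    return lines
```

Setting the threshold too low turns the defense into its own denial of service, which is why the test below also shows the normal clients being caught at a threshold of 5.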
Buffer overrun: A buffer overrun attack purposely sends too long a packet or message to a specific software component that has a built-in flaw and cannot handle the excess. The excess information can sometimes be made to issue remote commands on the affected system and thereby gain control of it. It is good policy to check for component updates every day and replace outdated components as soon as new ones become available.
Authorized uploads: Many types of authorized uploads are allowed on most systems. Without good policies in place, a system can be compromised quickly by somebody who is not paying attention to what is coming into a machine. Vigilance is the key here.

Each and every time information comes in through an open port (HTTP, FTP, ICMP, email or whatever), it can contain purposely corrupted data. This means that policies must be in place to monitor and check what comes in. All incoming data should be isolated from critical systems until it has been checked for known viruses (Trojan horses, etc.), and all incoming data should come from known sources. This can be a difficult policy to implement.
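The isolation policy just described, as an added example that is not part of the primer: every upload is held in quarantine and released only if it carries no known-bad fingerprint, comes from a known source and is of a permitted type. The known-source list, the type lists and the "known virus" fingerprint are all constructed for the demonstration; a real deployment would consult a virus scanner rather than a single hash.

```python
"""Quarantine gate for authorized uploads: hold incoming data apart from
critical systems until it is checked for known-bad content and confirmed to
come from a known source. Added example, not Lightspeed Consulting's code;
the allowlists and the known-bad fingerprint are constructed for the demo."""
import hashlib
from dataclasses import dataclass

KNOWN_SOURCES = {"198.51.100.7", "198.51.100.8"}           # constructed: trusted upload hosts
ALLOWED_EXTENSIONS = {".pdf", ".txt", ".csv"}               # constructed: plain documents only
BLOCKED_EXTENSIONS = {".ocx", ".exe", ".vbs", ".js", ".bat"} # Active-X, executables, scripts
KNOWN_BAD_SAMPLE = b"constructed known-bad sample, stands in for a virus signature"
KNOWN_BAD_HASHES = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}


@dataclass
class Upload:
    source: str      # address the data arrived from
    filename: str    # name supplied by the sender; untrusted
    content: bytes


def gate(upload: Upload, known_bad: set = None) -> tuple:
    """Return (decision, reason). 'hold' keeps the file in quarantine for review,
    'reject' discards it, 'release' lets it reach the protected system."""
    known_bad = KNOWN_BAD_HASHES if known_bad is None else known_bad
    ext = ("." + upload.filename.rsplit(".", 1)[-1].lower()) if "." in upload.filename else ""
    digest = hashlib.sha256(upload.content).hexdigest()
    # Content is checked first: a known source can itself have been compromised.
    if digest in known_bad:
        return "reject", "matches known-bad fingerprint"
    if ext in BLOCKED_EXTENSIONS:
        return "reject", f"executable or script type {ext} is never accepted"
    if upload.source not in KNOWN_SOURCES:
        return "hold", "source is not on the known-source list"
    if ext not in ALLOWED_EXTENSIONS:
        return "hold", f"type {ext or '(none)'} needs manual review"
    return "release", "known source, permitted type, no known-bad match"
```

Anything that is not an explicit release stays in quarantine, which is the "isolated until checked" default the paragraph asks for.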

Electro-magnetic pulse: It may seem ridiculous to worry about an atomic detonation compromising your system, but the same type of attack can be carried out with a small but powerful portable wideband transmitter. It has been shown that most systems are vulnerable to electromagnetic pulse. The military has known about this type of attack for years and has implemented a policy of system hardening, which consists of the various means listed in the table above. Some newer multi-processor machines have built-in error checking and the ability to use the result of an alternate device if one fails to pass validation tests.

As we reach ever faster processing speeds and fill the air with signals from cell phones and other portable devices, we risk interference between these devices. A simple way to demonstrate this is to place an older motor-driven alarm clock near your computer monitor and plug it in while watching the screen.