Monday, January 26, 2009

L20: SECURITY PROCEDURES

Computers should have alarm systems to guard them from any attacks such as viruses and data corruption. The alarm system is the security measures that we take to ensure its safety.

DATA PROTECTION
We need to protect the data in the computer as it may somehow get lost or corrupted due to some viruses or mishap like fire, flood, lightning, machine failures and even human errors.

There are a few ways to protect the information namely:
• make backup files
• detect the virus and clean the computer
• warn others on virus attacks

1) BACKUP FILES
Users can do backups of file systems by:

 keeping the duplicated files in external storage such as in the floppy disk and thumb drive
 do backup frequently

2) DETECT VIRUS AND DO CLEANUP
A computer virus is able to affect and infect the way the computer works. Viruses can be detected when we run an antivirus. We can also delete the infected files and documents.

3) WARN OTHERS ON VIRUS ATTACK
We can warn others on virus attacks or new viruses by sending e-mails to them.
DETECTING ILLEGAL ACCESS TO SYSTEMS
The computer system is able to detect any illegal access to the system by a user who does not have any authorisation. Basically, a corporation will simply use tcpwrappers and tripwire to detect any illegal access to their system. User's access will be reviewed periodically by computer operations. On going internal audits will be made to ensure detection of violations of security and unauthorised modifications to software and data .

TCPWRAPPERS

Tcpwrappers stop the attempted connection


examines its configuration files


will decide whether to accept or reject the request.

Tcpwrappers will control access at the application level, rather than at the socket level like iptables and ipchains. The system will run tcpwrappers to log access to ftp, tftp, rch, rlogin, rexec and telnet.

TRIPWIRE
Tripwire will detect and report on any changes in the thousands of strategic system files.
The system will run tripwire to determine if system files have changed.

PREVENTING ILLEGAL ACCESS TO SYSTEMS
Ways to prevent illegal access to systems:
1. Run anlpassword to make password cracking difficult.
2. Run tcpwrappers to check if the name for an ip address can be provided by DNC
3. Use a callback system to prevent unauthorised use of stolen passwords.

PREVENTING ILLEGAL ROOT ACCESS

Sudo stands for (Superuser do) and is a program in Unix, Linux and similar operating systems such as Mac OS X that allows users to run programs in the form of another user (normally in the form of the system's superuser).

Sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file.

PATCH
Patch supplies small updates to software, provided that the source code is available.
Patch is a name of an UNIX utility. It applies a script generated by the different program to a set of files that allows changes from one file to be directly applied to another file.

Resources are not enough to patch all security holes that we hear about through the bugtraq list.