Scientific Electronic Library
Monographs published by the publishing house of the Russian Academy of Natural History

Unit 5. INFORMATION SECURITY

WARM UP

Work in groups. What stories do you think followed these headlines? Compare answers within your group.

1. Love bug creates worldwide chaos.

2. Hackers crack Microsoft software codes.

3. Web phone scam.

What other types of computer crime are there? Make a list within your group and report it to the class. Check your answers reading the text INTERNET CRIME.

SPEAKING ACTIVITIES

INTERNET CRIME

The Internet provides a wide variety of opportunities for communication and development, but unfortunately it also has its dark side.

Crackers, or black-hat hackers, are computer criminals who use technology to perform a variety of crimes: virus propagation, fraud, intellectual property theft, etc.

Internet-based crimes include scams (email fraud to obtain money or valuables) and phishing (bank fraud to get banking information such as passwords of Internet bank accounts or credit card details). Both crimes use emails or websites that look like those of real organizations.

Due to its anonymity, the Internet also provides the right environment for cyberstalking, online harassment or abuse, mainly in chat rooms or newsgroups.

Piracy, the illegal copying and distribution of copyrighted software, information, music and video files, is widespread.

But by far the most common type of crime involves malware. Malware (malicious software) is software created to damage or alter the computer data or its operations. These are the main types.

Viruses are programs that spread by attaching themselves to executable files or documents. When the infected program is run, the virus propagates to other files or programs on the computer. Some viruses are designed to work at a particular time or on a specific date, e.g. on Friday 13. An email virus spreads by sending a copy of itself to everyone in an email address book.

Worms are self-copying programs that have the capacity to move from one computer to another without human help, by exploiting security flaws in computer networks. Worms are self-contained and don’t need to be attached to a document or program the way viruses do.

Trojan horses are malicious programs disguised as innocent-looking files or embedded within legitimate software. Once they are activated, they may affect the computer in a variety of ways: some are just annoying, others are more ominous, creating a backdoor to the computer which can be used to collect stored data. They don’t copy themselves or reproduce by infecting other files.

Spyware, software designed to collect information from computers for commercial or criminal purposes, is another example of malicious software. It usually comes hidden in fake freeware or shareware applications downloadable from the Internet.

1. Identify the Internet crimes sentences (1-6) refer to. Then match them with the advice below (A-F).

| 1 | 2 | 3 | 4 | 5 | 6 |
|---|---|---|---|---|---|
|   |   |   |   |   |   |

1. Crackers try to find a way to copy the latest game or computer program.

2. A study has revealed that half a million people will automatically open an email they believe to be from their bank and happily send off all their security details.

3. This software’s danger is hidden behind an attractive appearance. That’s why it is often wrapped in attractive packages promising photos of celebrities like Anna Kournikova or Jennifer Lopez.

4. There is a particular danger in Internet commerce and emails. Many people believe they have been offered a special gift only to find out later they have been deceived.

5. ‘Nimda’ spreads by sending infected emails and is also able to infect websites, so when a user visits a compromised website, the browser can infect the computer.

6. Every day, millions of children spend time in Internet chat rooms talking to strangers. But what many of them don’t realize is that some of the surfers chatting with them may be sexual predators.

A. People shouldn’t buy cracked software or download music illegally from the Internet.

B. Be suspicious of wonderful offers. Don’t buy if you aren’t sure.

C. It’s dangerous to give personal information to people you contact in chat rooms.

D. Don’t open attachments from people you don’t know even if the subject looks attractive.

E. Scan your email and be careful about which websites you visit.

F. Check with your bank before sending information.

2. Study the diagram «How a virus infects a program». Answer the following questions.

1. What is the function of the Jump instruction?

2. What are the main parts of the virus code?

3. What is the last act of the virus?

[Figure 1. How a virus infects a program]

3. Scan the text to check your answers to Task 2. Ignore any parts which do not help you with this task.

THE ANATOMY OF A VIRUS

A biological virus is a very small, simple organism that infects living cells, known as the host, by attaching itself to them and using them to reproduce itself. This often causes harm to the host cells.

Similarly, a computer virus is a very small program routine that infects a computer system and uses its resources to reproduce itself. It often does this by patching the operating system to enable it to detect program files, such as COM or EXE files. It then copies itself into those files. This sometimes causes harm to the host computer system.

When the user runs an infected program, it is loaded into memory carrying the virus. The virus uses a common programming technique to stay resident in memory. It can then use a reproduction routine to infect other programs. This process continues until the computer is switched off.

The virus may also contain a payload that remains dormant until a trigger event activates it, such as the user pressing a particular key. The payload can have a variety of forms. It might do something relatively harmless such as displaying a message on the monitor screen or it might do something more destructive such as deleting files on the hard disk.

When it infects a file, the virus replaces the first instruction in the host program with a command that changes the normal execution sequence. This type of command is known as a JUMP command and causes the virus instructions to be executed before the host program. The virus then returns control to the host program, which then continues with its normal sequence of instructions and is executed in the normal way.

To be a virus, a program only needs to have a reproduction routine that enables it to infect other programs. Viruses can, however, have four main parts: a misdirection routine that enables it to hide itself; a reproduction routine that allows it to copy itself to other programs; a trigger that causes the payload to be activated at a particular time or when a particular event takes place; and a payload that may be a fairly harmless joke or may be very destructive. A program that has a payload but does not have a reproduction routine is known as a Trojan.

4. Now read the whole text to find the answers to these questions.

1. How are computer viruses like biological viruses?

2. What is the effect of a virus patching the operating system?

3. Why are some viruses designed to be loaded into memory?

4. What examples of payload does the writer provide?

5. What kind of programs do viruses often attach to?

6. How does a Trojan differ from a virus?

5. Match each virus routine to its function.

Routine

Function

1 misdirection

2 reproduction

3 trigger

4 payload

a does the damage

b attaches a copy of itself to another program

c hides the presence of the code

d decides when and how to activate the payload

6. Work in pairs. Decide what these kinds of computer crime are. Then match the crimes to the short descriptions which follow.

1. Salami Shaving

2. Denial of Service attack

3. Trojan Horse

4. Trapdoors

5. Mail bombing

6. Software Piracy

7. Piggybacking

8. Phishing

9. Defacing

10. Hijacking

A. Leaving, within a completed program, an illicit program that allows unauthorized – and unknown – entry.

B. Using another person’s identification code or using that person’s files before he or she has logged off.

C. Adding concealed instructions to a computer program so that it will still work but will also perform prohibited duties. In other words, it appears to do something useful but actually does something destructive in the background.

D. Tricking a user into revealing confidential information such as an access code or a credit-card number.

E. Inundating an email address with thousands of messages, thereby slowing or even crashing the server.

F. Manipulating programs or data so that small amounts of money are deducted from a large number of transactions or accounts and accumulated elsewhere. The victims are often unaware of the crime because the amount taken from any individual is so small.

G. Unauthorized copying of a program for sale or distributing to other users.

H. Swamping a server with large numbers of requests.

I. Redirecting anyone trying to visit a certain site elsewhere.

J. Changing the information shown on another person’s website.

7. Describe the effects of the viruses and other destructive programs listed below.

For example:

1. A date or event occurs.

2. The trigger routine runs.

3. The payload routine activates.

4. The hard disk is wiped.

These events form part of a cause and effect chain. We can describe the links between each event in a number of ways:

– Using cause + to V or make + V.

o A date or event occurs which causes the trigger routine to run.

o A date or event occurs which makes the trigger routine run.

– Putting the events in sequence and using a causative verb.

o The trigger routine runs, which activates the payload routine.

– Using a when clause.

o When the trigger routine runs, the payload routine activates.

1. Logic bomb

a. A dismissed employee’s name is deleted from the company’s payroll.

b. A logic bomb is activated.

c. All payroll records are destroyed.

2. Form (Boot sector virus)

a. A certain date occurs.

b. A trigger routine is activated.

c. Keys beep when pressed and floppies are corrupted.

3. Beijing (Boot sector virus)

a. The operator starts up the computer for the one hundred and twenty-ninth time.

b. A trigger routine is activated.

c. The screen displays, «Bloody! June 4, 1989».

4. AntiEXE

a. The infected program is run.

b. The boot sector is corrupted.

c. The disk content is overwritten.

d. Data is lost.

5. Cascade (File virus – COM files only)

a. A particular date occurs.

b. The payload is triggered.

c. Characters on a text mode screen slide down to the bottom.

6. Macro virus

a. An infected document is opened in the wordprocessor.

b. The virus macro is executed.

c. The virus code is attached to the default template.

d. The user saves another document.

e. The virus code attaches to the saved document.

f. The saved document is opened in the wordprocessor.

g. The virus destroys data, displays a message or plays music.

8. Consider these examples of computer disasters. How could you prevent them or limit their effects? Compare answers with your group mates.

1. You open an email attachment which contains a very destructive virus.

2. Someone guesses your password (the type of car you drive plus the day and month of your birth) and copies sensitive data.

3. Your hard disk crashes and much of your data is lost permanently.

4. Someone walks into your computer lab and steals the memory chips from all the PCs.

5. Your backup tapes fail to restore properly.

9. Study this table of security measures to protect hardware and software. Which measures would prevent or limit the effects of the disasters in Task 8?

Control Access to Hardware and Software

– Lock physical locations and equipment.

– Install a physical security system.

– Monitor access 24 hours a day.

Implement Network Controls

– Install firewalls to protect networks from external and internal attacks.

– Password-protect programs and data with passwords which cannot easily be cracked.

– Monitor username and password use – require changes to passwords regularly.

– Encrypt data.

– Install a callback system.

– Use signature verification or biometric security devices to ensure user authorization.

Protect against Natural Disasters

– Install uninterruptible power supplies and surge protectors.

Backup Data and Programs

– Make incremental backups, which are copies of just changes to files, at frequent intervals.

– Make full backups, which copy all files, periodically.

– To protect files from natural disasters such as fire and flood, as well as from crimes and errors, keep backups in separate locations, in fireproof containers, under lock and key.

Separate and Rotate Functions

– If functions are separate, then two or more employees would need to conspire to commit a crime.

– If functions are rotated, employees would have less time to develop methods to compromise a program or system.

– Perform periodic audits.

Protect against Viruses

– Use virus protection programs.

– Use only vendor-supplied software or public domain or shareware products that are supplied by services that guarantee they are virus-free.

10. Find words or phrases in Task 9 which mean:

– copies of changes to files made to reduce the risk of loss of data;

– software available for a short time on a free trial basis; if adopted a fee is payable to the author;

– cannot be disrupted or cut;

– put at risk;

– deciphered, worked out;

– protect data by putting it in a form only authorized users can understand;

– a combination of hardware and software to protect networks from unauthorized users;

– observe and record systematically;

– measuring physical characteristics such as distance between the eyes;

– at regular intervals.

11. Work in pairs, A and B. Each of you has the details of one form of backup. Explain to your partner how your form of backup works. Make sure you understand the form of backup your partner has. Ask for clarification if anything is unclear.

Use the phrases in the LANGUAGE BOX to help you.

LANGUAGE BOX

CLARIFICATION

Let me clarify that.

Do you mean …

… , isn’t it?

… , doesn’t it?

… , am I right?

Student A.

Incremental backup

An incremental backup includes only files with their archive bit on. The archive bit indicates whether a file has been backed up since it was last changed. Whenever you back up a file in Windows, the operating system automatically sets the archive bit to 0 (off). 1 (on) indicates a file has not been backed up since it was last worked on. This way, as you append a series of incrementals to your full backup, each contains only those files that are new or have changed since your last backup. This keeps your backup set up to date using a minimum of time and tape. The disadvantage is that it may need many tapes to fully restore the hard disk.

Student B.

Differential backup

A differential backup doesn’t set the archive bit to the off position after backing up the file. In a full backup in Windows, the operating system automatically sets the archive bit to 0 (off). 1 (on) indicates a file has not been backed up since it was last worked on. Thus, if you do a series of differentials, each backs up all the files created or modified since the last full backup, not just those that have changed. Normally, you keep only the most recent differential backup on hand. This minimizes the size of your backup set, since it will never contain more than two copies of any file – one in the full set and one in the differential. This method is mostly used when you’re backing up to disks. The downside is that it won’t back up files that were created and deleted before the differential backup.
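
The archive-bit behaviour described on the Student A and Student B cards, as an added simulation that is not part of the original unit. The `Disk` class, the file names and the three-day schedule are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Disk:
    """Toy file system (constructed): file name -> archive bit, 1 = on."""
    bits: dict = field(default_factory=dict)

    def write(self, name):
        self.bits[name] = 1  # creating or changing a file turns the bit on

    def delete(self, name):
        self.bits.pop(name, None)

    def _backup(self, only_flagged, clear):
        copied = sorted(n for n, b in self.bits.items() if b or not only_flagged)
        if clear:
            for n in copied:
                self.bits[n] = 0
        return copied

    def full(self):          # copies every file, sets every bit to 0
        return self._backup(False, True)

    def incremental(self):   # copies files with the bit on, then sets it to 0
        return self._backup(True, True)

    def differential(self):  # copies files with the bit on, leaves it on
        return self._backup(True, False)


def run_week(kind):
    """One full backup followed by three daily runs of the given kind."""
    d = Disk()
    for n in ("a.doc", "b.xls", "c.txt"):
        d.write(n)
    sets, daily = [d.full()], getattr(d, kind)
    d.write("a.doc")
    sets.append(daily())     # day 1
    d.write("tmp.dat")
    d.delete("tmp.dat")      # created and deleted between two backups
    d.write("b.xls")
    sets.append(daily())     # day 2
    d.write("d.ppt")
    sets.append(daily())     # day 3
    return sets


def restore(kind, sets):
    """Return (files restored, number of backup sets that had to be read)."""
    used = sets if kind == "incremental" else [sets[0], sets[-1]]
    return sorted(set().union(*used)), len(used)
```

Both schemes restore the same four files, but the incremental restore reads all four sets while the differential restore reads only the full set and the latest differential; `tmp.dat` appears in neither.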

LISTENING ACTIVITIES

1. Watch video «Information Security» and answer the following questions.

Suggested online resource:

http://www.youtube.com/watch?v=MfWMIK1ka1o&feature=related

1. Define Information Security.

2. What are the two lines of defense?

3. What is an information security plan?

4. What are the five steps of an information security plan?

2. Comment on the following statements. Agree or disagree with the statement. Give your reasons to support your opinion.

Antivirus software is the most common tool for detection. Antivirus software protects and responds to viruses, spyware and worms.

3. Watch video «12 Steps to IT Security» and name these steps. Which of them do you consider the most important ones?

Suggested online resource:

http://www.youtube.com/watch?v=tS5_t_11eaU&feature=related

