Worms – use spawn mechanism; standalone program
1. Exploited UNIX networking features (remote access) and bugs in the finger and sendmail programs.
2. Grappling hook program uploaded main worm program.
Viruses – fragment of code embedded in a legitimate program.
1. Mainly affect microcomputer systems.
2. Downloading viral programs from public bulletin boards or exchanging floppy disks containing an
3. Safe computing.
Denial of Service
1. Overload the targeted computer preventing it from doing any useful work.
The Morris Internet Worm
Check for suspicious patterns of activity – i.e., several incorrect password attempts may signal password guessing.
Audit log – records the time, user, and type of all accesses to an object; useful for recovery from a violation and developing better security measures.
Scan the system periodically for security holes; done when the computer is relatively unused.
1. Short or easy-to-guess passwords
2. Unauthorized set-uid programs
3. Unauthorized programs in system directories
4. Unexpected long-running processes
5. Improper directory protections
6. Improper protections on system data files
7. Dangerous entries in the program search path (Trojan horse)
8. Changes to system programs: monitor checksum values
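The following added example (not part of the original notes) shows how items 2, 3, 7 and 8 of the list above can be checked in Python. The function names, finding labels, and the baseline and allow-list arguments are assumptions made for illustration.

```python
import hashlib
import os
import stat

def sha256_of(path):
    """Checksum of one file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Baseline: {path: checksum} for every regular file under root."""
    out = {}
    for d, _, files in os.walk(root):
        for name in files:
            p = os.path.join(d, name)
            if os.path.isfile(p) and not os.path.islink(p):
                out[p] = sha256_of(p)
    return out

def scan(root, baseline, allowed_setuid, search_path):
    """Return sorted (finding, path) pairs; labels are illustrative."""
    findings = []
    current = snapshot(root)
    for p, digest in current.items():
        if p not in baseline:
            findings.append(("unauthorized-program", p))       # item 3
        elif baseline[p] != digest:
            findings.append(("checksum-changed", p))           # item 8
        if os.stat(p).st_mode & stat.S_ISUID and p not in allowed_setuid:
            findings.append(("unauthorized-setuid", p))        # item 2
    for p in baseline.keys() - current.keys():
        findings.append(("missing-program", p))                # item 8
    for entry in search_path.split(os.pathsep):                # item 7
        if not os.path.isabs(entry):
            # "", "." or a relative entry is resolved against the current
            # directory, so a planted program there can shadow a system one.
            findings.append(("relative-path-entry", entry or "<empty>"))
        elif os.path.isdir(entry) and os.stat(entry).st_mode & stat.S_IWOTH:
            findings.append(("world-writable-path-dir", entry))
    return sorted(findings)
```

Run snapshot() while the system is in a known-good state, store the result, and pass it to scan() on later runs together with the list of set-uid programs that are expected to exist.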
A firewall is placed between trusted and untrusted hosts.
The firewall limits network access between these two security domains.
Network Security Through Domain Separation Via Firewall
Detect attempts to intrude into computer systems.
1. Auditing and logging.
2. Tripwire (UNIX software that checks if certain files and directories have been altered – i.e., password
System call monitoring
Data Structure Derived From System-Call Sequence