Question


  1. Computer programs with benign malicious intents are a threat to computer and network security. Explain three ways such undesired programs negatively affect its host or target computers.

b) Render in an elaborative manner, some defensive measures that one can take to protect host or target computers from malicious computer programs.

  4. a) A notable attack recorded in the computing fraternity in October 2002 was successfully launched against the Internet’s 13 root servers, which act as the Internet’s ultimate authority with respect to matching domain names to IP addresses. This was done as an intentional action designed to prevent legitimate users from making use of a computer’s service. Explain three forms of undertaking such kinds of attack on target computers.

b) Enumerate three commensurate defensive measures that can be implemented to mitigate attacks of the nature explained in 4a above.

Homework Answers

Answer #1

Three ways an undesired program affects the target computer:

1. Becoming part of an already running program in the target computer:

Usually, a virus program makes use of an already running program on the computer. It uses the program to spread across the computer and then from there on go to another computer.

  • Such programs can be mildly or severely dangerous.
  • They are usually attached to a file that is executable.

2. Making copies of themselves:

Similar to viruses is a worm program. It spreads by replicating itself. The worm is a standalone program.

  • That also means that they don't need any other executable program.
  • They look for loopholes in the system to spread.

3. Using legitimate codes:

A trojan is something that looks like a legitimate piece of the program. Users often click on it thinking that it is genuine. Once clicked it executes in the system and attacks it.

  • It can cause serious damage to the system.
  • It can change the desktop, delete files, activate other viruses, etc.

Defensive measures:

1. Use of trusted programs:

There are many antivirus software and other programs that claim security but are not really secure. There are also free programs that claim to remove viruses from the computer. It is advised to always use registered antivirus from a trusted company.

  • Investment in an antivirus that is of high quality is only a small price.
  • It is also important to keep this software up to date.
  • This can be made possible by subscribing to updates from the vendors.

2. Regular scans:

It is also important to run regular scans on the computer. It helps in monitoring the health of the computer. It is advised to run the monitoring software in the background and manage it from time to time. Setting up regular automatic scans can also do the job. It helps in finding out if there is something wrong with the computer.

  • If the computer performance seems reduced, one can run a scan and make the choice to remove certain programs.
  • It is also important to know that while scanning is going on, the system should be prevented from going to sleep.

3. Operating system updates:

Operating system updates are the best way to keep the computer secure. Operating systems have their own type of scans and antivirus defenses. The updates have to be performed regularly though. This is because every time the operating system vendor discovers new vulnerabilities, new security measures are released.

  • These can be installed in the system only when the operating system is up to date.
  • Security teams have always been issuing such security patches.
  • If one is utilizing an older operating system, the computer is very much at risk.

4. Use of secure networks:

Malicious programs usually find their way to the computer through weak network connections. It is advised not to use public wifi and always use encrypted networks. WEP router encryption is also the best way to prevent security breaches.

4a) Three forms of such attacks:

In the mentioned scenario, online services are made unavailable to the host or users. It is done by interrupting the services or suspending them temporarily. There are three forms of such attacks:

Volume-based:

These types of attacks are done using UDP floods and spoofed packets. In many cases, such attacks also include ICMP flooding. The main goal of such attacks is to perform a bandwidth saturation.

  • The measured magnitude is often in bits per second.
  • The compromised device is flooded with malicious traffic.

Protocol-based:

In such an attack, SYN flooding is used whereas the number of acknowledgments is sent. Fragmented packets and smurf DDoS are other ways to do it. In this attack, all the server resources are consumed.

  • The intermediate communication device is also flooded.
  • Load balancers and firewalls are flooded with malicious packets and they are not able to serve the requests by the actual hosts.

Application layer-based:

In these attacks, a low and slow approach is used. Most often they target Apache and GET/POST vulnerabilities. The attack often includes innocent requests sent to the server. The requests seem innocent.

  • The goal here is to completely crash the server.
  • This is done by sending a huge number of requests.

Three defensive measures:

1. Create a checklist:

A full checklist of assets should be created. It can be done to make sure that threats can be easily identified and assessed, and that filtering tools can be used. It helps in enhancing the security of the system. After that, a response plan should be created.

  • The team should be assigned responsibilities. It will help in the organization of tasks.
  • The contacts of people involved should be collected as well.
  • It includes customers, cloud providers, etc.

2. Network infrastructure:

The network infrastructure should be secured using multi-layer protection strategies. Content filters, spam deletion, etc. are some of the ways. The devices used in the network should have mitigation strategies implemented in them.

  • Systems in the network should be kept up to date.
  • The network should also be monitored from time to time.

3. Cloud leveraging:

Since the cloud bandwidth is more than traditional ways, it can offer many benefits. It represents a diffuse resource. Apps based on the cloud can easily absorb harmful traffic. Cloud is also worked upon by engineers who know the best security and monitoring measures.

  • They can easily identify warning signs and prevent them.
  • One should also choose the type of cloud carefully.
  • Depending on the needs of the hour, one can go for private, public, or hybrid cloud.
  • They all have different levels of security based on how they are used.
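
Added example, not part of the original answer: a small monitoring check that maps one second of traffic records to the three attack forms named in 4a, using the indicator each form is measured by (bits per second, half-open handshakes, requests per client). The record schema, thresholds and sample windows are constructed assumptions.

```python
from collections import Counter

# Hypothetical per-second thresholds; tune them to the protected link and server.
BPS_LIMIT = 8_000_000        # volume-based: bits per second on the link
HALF_OPEN_LIMIT = 100        # protocol-based: SYNs with no completing ACK
REQS_PER_CLIENT_LIMIT = 50   # application layer: HTTP requests from one client


def classify_window(records):
    """Return the set of attack forms indicated by one second of records.

    Each record is a dict with 'kind' ('udp', 'icmp', 'syn', 'ack', 'http'),
    'src' (source address) and 'size' (bytes). This schema is an assumption.
    """
    bits = 0
    syns, acks, requests = Counter(), Counter(), Counter()
    for r in records:
        bits += r["size"] * 8
        if r["kind"] == "syn":
            syns[r["src"]] += 1
        elif r["kind"] == "ack":
            acks[r["src"]] += 1
        elif r["kind"] == "http":
            requests[r["src"]] += 1
    # A handshake is half-open when a source's SYN is never followed by its ACK.
    half_open = sum(max(n - acks[src], 0) for src, n in syns.items())
    forms = set()
    if bits > BPS_LIMIT:
        forms.add("volume-based")
    if half_open > HALF_OPEN_LIMIT:
        forms.add("protocol-based")
    if requests and max(requests.values()) > REQS_PER_CLIENT_LIMIT:
        forms.add("application-layer")
    return forms


def rec(kind, src, size):
    return {"kind": kind, "src": src, "size": size}


# Constructed one-second windows (documentation addresses, not real traffic).
NORMAL = [rec(k, f"192.0.2.{i}", 60) for i in range(10) for k in ("syn", "ack")] \
    + [rec("http", f"192.0.2.{i}", 400) for i in range(10)]
UDP_FLOOD = [rec("udp", f"198.51.100.{i % 250}", 1400) for i in range(2000)]
SYN_FLOOD = [rec("syn", f"203.0.113.{i % 250}", 60) for i in range(500)]
HTTP_FLOOD = [rec("http", "192.0.2.77", 400) for _ in range(200)]

if __name__ == "__main__":
    for name, window in [("normal", NORMAL), ("udp", UDP_FLOOD),
                         ("syn", SYN_FLOOD), ("http", HTTP_FLOOD)]:
        print(name, sorted(classify_window(window)))
```

Each constructed window trips only its own indicator, which is why the three forms call for different counters on the monitoring side.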