

Practical UNIX & Internet Security

Chapter 11: Protecting Against Programmed Threats

11.4 Entry

The most important question that arises in our discussion of programmed threats is: How do these threats find their way into your computer system and reproduce? Most back doors, logic bombs, Trojan horses, and bacteria appear on your system because they were written there. Perhaps the biggest security threat to a computer system is its own user group. Users understand the system, know its weaknesses, and know the auditing and control systems that are in place. Legitimate users often have access with sufficient privilege to write and introduce malicious code into the system. Especially ironic, perhaps, is the idea that at many companies the person responsible for security and control is also the person who could cause the most damage if he wished to issue the appropriate commands.

Users also may be unwitting agents of transmission for viruses, worms, and other such threats. They may install new software from outside, and install embedded malicious code at the same time. Software obtained from public domain sources traditionally has been a source of system infection. Not all public domain software is contaminated, of course; most of it is not. Commercial products also have been known to be infected. The real difficulties occur when employees do not understand the potential problems that may result from the introduction of software that has not been checked thoroughly, no matter what its source. Software fetched through the "click-and-download" paradigm of WWW browsers falls squarely into this category.

A third possible method of entry occurs if a machine is connected to a network or some other means of computer-to-computer communication. Programs may be written on the outside and find their way into a machine through these connections. This is the way worms usually enter systems. Worms may carry logic bombs or viruses with them, thus introducing those problems into the computer at the same time.

Programmed threats can easily enter most machines. Environments with poor controls abound, caused in part by the general lack of security training and expertise within the computing community. Few college-level programs in computer science and computer engineering even offer an elective in computer security (or computer ethics), so few computer users - even those with extensive training - have the background to help safeguard their systems.

No matter how the systems initially became infected, the situation is usually made worse when the software spreads throughout all susceptible systems within the same office or plant. Most systems are configured to trust the users, machines, and services in the local environment. Thus, there are even fewer restrictions and restraints in place to prevent the spread of malicious software within a local cluster or network of computers. Because the users of such an environment often share resources (including programs, diskettes, and even workstations), the spread of malicious software within such an environment is hastened considerably. Eradicating malicious software from such an environment is also more difficult because identifying all sources of the problem is almost impossible, as is purging all those locations at the same time.