
March 16, 2013

Essay on Microsoft Security Problems

Microsoft and Problems of Network Security

Today, broadband networks play an increasingly important role in the field of computing. Driven by applications and by advances in fiber-optic technology and switching, broadband networks have risen to unimaginable heights, but they have also posed problems even for giant companies like Microsoft.
When a user connects to a network, his computer is faced with many threats, some of which can lead to data loss or even a total loss of system files. Today, networks are always ahead of the threats. There are more and more techniques to protect them, but there are more and more techniques for attack as well. The Internet is a mine of information for businesses and users. By surfing the Internet, you can access millions of web pages. Using search engines, you can obtain the information necessary for work when you need it (list prices, product characteristics, particular documents). The Web is an indispensable resource for business productivity, but there are inherent dangers as well.
All computers on the Internet use standard protocols to pass information from one computer to another. This can turn out to be a troublesome activity at times. Once a computer is connected to a public network, the security risks increase. Internet-related fraud was the subject of 55 percent of the more than half-million complaints filed in 2003, up from 45 percent a year earlier, according to the Federal Trade Commission. The median loss for victims of Internet-related fraud was $195.
Security is a problem inherent in any communication system where, by definition, exchanges occur over networks. Traffic is the word that comes most naturally to mind when it comes to computer network security. The security field that seeks to address this problem is encryption.
Encrypting a transmission means transforming the content sent so as to make it unintelligible to a third party, while the recipient can recover the meaning of the message through a decryption algorithm.
Other attacks threaten the integrity of a network, such as intrusion or concealment of identity. With concealment of identity, a recipient receives a message from a person he thinks he knows but whose identity has been misused.
One can easily understand the importance of this issue when sensitive information is exchanged, such as money or confidential instructions. The area of security that addresses this problem is authentication. In authentication procedures, we try to check the identity of the transmitter through specific algorithms. With intrusion, a stranger enters a communication system and, possibly, the information systems attached to it. Access control aims to answer this

In the threats identified so far, the spy obtains information that would normally not be known to them, enters a network, or assumes an identity. There are other types of threat in which the spy simply jams the wireless network; this type of attack is called denial of service.
As IEEE 802.11 operates in a license-free radio band that can in principle be used by anyone, a spy can always disrupt network use, even remotely by using directional antennas. In this article, we will not discuss this type of attack.

We have just mentioned the key areas of security: encryption, authentication and access control. These domains are not disjoint, and there are significant overlaps in the problems addressed and the algorithms employed. Contrary to popular belief, it is not the case that wired LANs are safe while wireless local area networks are not. In a wired Ethernet network, it is easy, from a device attached to the network, to listen to the traffic flowing through it. If one does not have equipment connected but has access to the network, one can, for example, connect a hub to an existing outlet, which provides new connection possibilities.

In a business, it is easy to connect additional equipment to the LAN and listen to network traffic in order to launch attacks against servers and applications. We are then in a situation similar to that of a wireless network, where listening over the air collects the information flows carried by radio transmission.
Hackers, crackers, and attackers on the Internet are usually motivated by different impulses. Some are driven by profit, others by mischief or glory. But they follow the same pattern; more precisely, their modus operandi is quite similar. Several basic threats exist that can harm even a well-structured network system, although their intensity varies. One of the most common threats is spam: unsolicited commercial email messages, whose threat is gauged by their overwhelming volume.
These messages can also be a means of transmitting viruses. Much spam is of an explicit sexual nature, which in some cases can create an uncomfortable work environment and, potentially, legal liabilities if companies do not take steps to stop it. Spoofing is another technique widely used by hackers to intrude into network systems. (Abelar, 12)

IP spoofing means creating packets that appear as though they have come from a different IP address. This technique is used primarily in one-way attacks (such as denial of service, or DoS, attacks). If packets appear to come from a computer on the local network, it is possible for them to pass through firewall security which is designed to protect against outside threats.
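The firewall weakness described above, shown as a weak rule next to a hardened one. This is an added example, not code from the essay; the address range, interface names and sample packets are constructed assumptions.

```python
import ipaddress

# Constructed addressing for this sketch (not from the essay).
LOCAL_NET = ipaddress.ip_network("192.168.10.0/24")
INSIDE, OUTSIDE = "lan0", "wan0"   # hypothetical interface names


def naive_allow(src_ip):
    """Weak rule: trust any packet whose source address claims to be local."""
    return ipaddress.ip_address(src_ip) in LOCAL_NET


def classify(src_ip, arrival_iface):
    """Hardened rule: judge the source address against the interface the
    packet actually arrived on."""
    is_local = ipaddress.ip_address(src_ip) in LOCAL_NET
    if arrival_iface == OUTSIDE:
        # A local address cannot legitimately arrive from the outside.
        return "drop-spoofed" if is_local else "external"
    # On the inside interface only local sources are believable.
    return "trusted-local" if is_local else "drop-spoofed"


# Constructed packets: (claimed source address, arrival interface).
SAMPLE_PACKETS = [
    ("192.168.10.7", INSIDE),    # genuine workstation
    ("192.168.10.7", OUTSIDE),   # same address claimed by an outside sender
    ("203.0.113.9", OUTSIDE),    # ordinary Internet host
    ("203.0.113.9", INSIDE),     # inside host claiming an outside address
]


def compare_rules(packets=SAMPLE_PACKETS):
    """Return (source, interface, naive verdict, hardened verdict) rows."""
    return [(src, iface, naive_allow(src), classify(src, iface))
            for src, iface in packets]


if __name__ == "__main__":
    for row in compare_rules():
        print(row)
```

The naive rule gives the same answer for the first two packets because it never looks at where the packet entered; the hardened rule separates them.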
It is difficult to detect IP spoofing because it requires skills, monitoring, and analysis of data packets. Email spoofing refers to sending an email message with a fake sender address, so that the true address of the sender remains unknown. For example, a round of hoax e-mail messages circulated on the Internet in late 2003 that were made to look as though they carried a notice of official security updates from Microsoft by employing a fake Microsoft e-mail address. Dozens of industry leaders, including Microsoft, have developed in collaboration with others a technology known as the Sender ID Framework (SIDF), which helps counter e-mail spoofing and phishing by validating that messages come from the email servers they purport to come from. Each day, Microsoft filters out over three billion spam messages and protects the inboxes of over 200 million users worldwide. (Dekker, 235)
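A sketch of the kind of validation SIDF performs, checking the connecting server's IP address against the record published by the purported sender's domain. This is an added example, not Microsoft's code: the domains, records and addresses are constructed, a dictionary stands in for the DNS TXT lookup, only the `ip4`, `ip6` and `all` mechanisms are evaluated, and the sender is taken from the From header alone rather than by the full Purported Responsible Address rules.

```python
import ipaddress

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed stand-in for DNS TXT lookups so the example runs offline.
PUBLISHED_RECORDS = {
    "example.com": "spf2.0/pra ip4:192.0.2.0/28 ip6:2001:db8::/48 -all",
    "example.net": "v=spf1 ip4:198.51.100.25 ~all",
}


def sender_domain(from_header):
    """Domain of the purported sender (simplified: From header only)."""
    address = from_header.rsplit("<", 1)[-1].rstrip("> ").strip()
    return address.rsplit("@", 1)[-1].lower()


def evaluate(record, client_ip):
    """Evaluate one published record against the connecting server's IP."""
    terms = record.split()
    if not terms or not (terms[0] == "v=spf1" or terms[0].startswith("spf2.0/")):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIER_RESULT else "+"
        mechanism = term[1:] if term[0] in QUALIFIER_RESULT else term
        name, _, value = mechanism.partition(":")
        if name == "all":
            return QUALIFIER_RESULT[qualifier]
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(value, strict=False)
            if ip.version == network.version and ip in network:
                return QUALIFIER_RESULT[qualifier]
            continue
        # a, mx, include and the rest need live DNS; outside this sketch.
        raise ValueError(f"mechanism not handled in this sketch: {term}")
    return "neutral"   # no mechanism matched and the record has no 'all'


def check_message(from_header, client_ip):
    """Verdict for a message claiming from_header, delivered by client_ip."""
    record = PUBLISHED_RECORDS.get(sender_domain(from_header))
    return "none" if record is None else evaluate(record, client_ip)


if __name__ == "__main__":
    claimed = "Security Team <security@example.com>"
    print(check_message(claimed, "192.0.2.5"))      # authorized server
    print(check_message(claimed, "203.0.113.77"))   # unauthorized server
```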

Phishing is also, alarmingly, becoming a tactic of choice for hackers and organized crime. Typically, an attacker sends an e-mail message that closely resembles one from the genuine source it claims to come from, for example Microsoft or eBay. A link in the message also takes the reader to the actual website, giving the impression that the message has really come from the stated source.
This is actually a trick that hackers play in order to extract the personal information of the user. The information is stored in spam lists and enables the perpetrators to steal account information or identities. This has raised huge concerns among companies such as PayPal, eBay and Microsoft. It must be pointed out that the victims are not always individual buyers; companies and brands also sometimes fall prey to this technique.
A virus is not a distinct thing that can be easily recognized and identified; viruses come embedded in programs designed to cause harm to network systems, servers, and computers. They are hidden inside apparently harmless programs.
Viruses in e-mail messages often give the appearance of games or pictures and use enticing subjects (for example, “My girlfriend nude”) to persuade users to open and run them. Viruses attempt to replicate themselves by tainting other programs on the computers shared through a network.

Worms are similar to viruses in the sense that they try to replicate themselves, but they are often able to do so by sending out e-mail messages themselves rather than simply infecting programs on a single computer. Worst of all is the Trojan horse. These nasty programs pretend to be benevolent and harmless applications. They do not replicate like viruses and worms but can still cause substantial harm.
Viruses and worms are smuggled inside a Trojan horse.

In June 2004, the Gartner Group reported that online bank accounts had been looted of $2.4 billion just in the previous 12 months. It estimated that 1.98 million adults had suffered losses. Much of the problem was traced to malicious programs that surreptitiously collect passwords and other confidential data. “Phishing” schemes also were used. (Matt, 54)
Spyware refers to small, hidden programs that run on your computer and track your online activities, allowing intruders to monitor the computer and gain complete access to it. Spyware usually arrives when a music file is downloaded through a file-sharing program, or with downloads from untrustworthy free game sites and any other software that comes from an unknown source.

Repudiation refers to a user’s ability to falsely deny having performed an action, without other parties being able to prove otherwise. For instance, a user who deleted a file can successfully deny doing so if no mechanism (such as audit records) can prove otherwise. Information disclosure consists of the revelation of information to persons who would not normally have access to it. For example, a user on a network might make certain files accessible over the network that should not be shared.

According to the National Cyber Security Alliance, 62 percent of computer users have not updated their antivirus software, and a staggering 91 percent in the study have spyware on their computers that can cause extremely slow performance, excessive pop-up ads, or hijacked home pages. (Greg, 67)

Elevation of privilege is a practice by which a user dupes a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system. For example, an attacker might log on to a network by using a guest account, then exploit a weakness in the software that lets the attacker change the guest privileges to administrative privileges.
The use of counterfeit software is extensive. In some parts of Asia and the former Soviet Union at least 90 percent of the software used is counterfeit. Even in the United States, an estimated 25 percent of software is counterfeit.
Though the seemingly low prices of counterfeit software can be very appealing, in the long run the price of this software is much higher. Such software is likely to contain bugs and viruses, and this is why its use is illegal.
Microsoft has attempted to deal with all the aforementioned problems by developing genuine Microsoft software, which provides up-to-date protection and fends off hackers, spammers, and email viruses. It also offers improved system recovery tools.

Most attackers exploit the processing power of computers as their primary weapon. They may use a virus to spread a DoS program to thousands of computers at the same time. They also tend to use a password-guessing program to try every word in the dictionary as a password. Of course, the first passwords they check are “password,” “letmein,” “opensesame,” and a password that is the same as the username.

Attackers have programs that randomly probe IP addresses across the Internet looking for unprotected systems and, when they find one, use port scanners to see whether any ports are vulnerable to attack. If these attackers find an open port, they have a plethora of known vulnerabilities they can use to try to gain access.

Earthlink, the Atlanta-based Internet Service Provider, said in April 2004 that it had found 370,000 Trojan horses and system monitors on the 1.6 million computers it had studied. If Earthlink’s numbers hold up for all computers, up to 35 percent are compromised. (Duane, 242)

According to the Symantec Internet Security Threat Report published in September 2004, it takes on average 5.8 days after a software vendor announces a vulnerability for criminal hackers to take advantage of the discovery. You should apply software updates as soon as possible when they are announced. You should use the Automatic Updates feature in Microsoft Windows XP to download and install updates automatically, and also make sure that your antivirus software is updated regularly. Consider signing up for Microsoft Security Update e-mail bulletins, a free service you can learn more about espionage, a combination of technology and social engineering is most effective. For example, inducing members of your staff to reveal confidential information, rifling through trash in search of revealing information, or simply looking for passwords written on notes by monitors are all options. (Ivan, 160)
Nevertheless, in a wireless network, eavesdropping on the channel and on the transmissions taking place is straightforward. Of course, listening to or transmitting on the network is only possible within the wireless network's coverage area, that is to say, in general, a few hundred meters at most. But it should be noted that directional antennas can, under certain conditions, increase the range significantly. These directional antennas allow a foreign entity to listen to the network or to send information. It is this additional ease of interaction that creates the gap between a wired LAN and a wireless LAN in terms of security.

The four attacks which are most often listed in wireless networks are:
- Interception of data;
- Intrusion into the system;
- Man-in-the-middle attack;
- Trap door.
Interception of data: this is the most commonly used kind of attack. In the absence of an effective encryption system, it is easy to recover the content of the data flowing through the communication medium. The open nature of wireless network equipment facilitates this type of interception. It can be carried out by a station within the normal range of network coverage, or remotely as long as the spy station is equipped with a directional antenna.
Intrusion into the system: the attacker connects to a wireless access point and then enters the local network behind the access point. As with passive listening, this attack can be conducted within the coverage area or remotely, using a directional antenna. Access points are the attacker's point of entry into the network, after which they can attempt to get into the equipment connected to the network.

These first two attacks are the most conventional. They can be carried out from outside the deployment area of the wireless LAN, either because the range of the wireless network extends beyond its deployment area or, usually, by using a directional antenna.
The following two attacks, by contrast, require the intruder to be in or near the network's deployment area.
In conventional networks, it is easier to ward off those who attack the network security system. Turning on an access point outside the vicinity of the wireless network that is targeted for attack will serve to stop a "Trojan horse". This access point is not necessarily connected to the network under attack; however, it must be geographically close. A wireless station will naturally try to connect to it, thereby delivering the keys used in the connection process. Once these keys have been collected, they serve to prevent future intruders from entering the network. The backdoor attack requires physical access to the wireless network that is targeted for attack.
Microsoft has long been fighting the nasty battle of tackling the vulnerabilities of network security systems. An IDS (intrusion detection system) is a system designed to detect intrusions on a network or machine. An IDS uses a set of signatures for intrusion detection.
An IDS offers the following functions:
- Attack detection (active or passive)
- Generating reports
- Tools for correlation with other elements of the security architecture
- Responding to attacks by blocking the route or closing the connection
- Transfer Activity
There are two types of IDS:
- HIDS (Host IDS), to monitor hosts. In this type, intrusion signatures are descriptions of the behavior of the system or of system states.
- NIDS (Network IDS), to monitor network traffic. In this type, intrusion signatures are descriptions of the packets arriving in the traffic.
In IDS, the following architectures are used:
- SA (Sniffer Approach): usually a centralized architecture, or probes distributed over a network are responsible for providing feedback to
- SSA (Single Sniffer Approach): one station listens to the traffic and analyzes it
- UAA (User Agent Approach): uses the concepts of mobile agents and agent platforms to distribute the system, so that management is no longer centralized.
Thanks to these capabilities, IDSs are widely used today in the field of security.
Secondly, Microsoft Windows offers features such as a firewall to reduce network security vulnerability. A firewall is a hardware device or software that filters all packets that pass through it in order to implement and enforce the security policy. The firewall passes some or all of these packets if they are allowed, and blocks and logs them when they are prohibited.
Antivirus software is software that protects a machine against viruses. It relies on signature files: by comparing the signatures against virus code, it identifies viruses and warns the user of an attack.
Some programs also apply a heuristic method designed to discover malicious code by its behavior.
Antivirus programs can scan the contents of a hard drive, but also the memory of the computer. The more modern ones act upstream of the machine, scanning file exchanges with the outside world in both the upstream and downstream directions. Thus, emails are examined, as are files copied to or from removable media such as CDs and floppy disks, and network connections.
Given the features of an IDS, we find that antivirus software is also an IDS.
Today, there are many antivirus products, such as Norton Antivirus and McAfee, which are proving their utility across the globe.
Antivirus software has emerged as a means of minimizing network security risks.
Cryptography is a mathematical science that studies methods for transmitting data confidentially. To protect a message, a transformation is applied that makes the transferred data incomprehensible; this is called encryption, which turns a plaintext into a ciphertext or cryptogram. Conversely, decryption is the action that reconstructs the plaintext from the ciphertext. In modern cryptography, the transformations in question are purely mathematical functions, known as cryptographic algorithms, which depend on a parameter called the key.
Today, a good deal of research aims to improve traditional methods or to find new methods for security in broadband networks. The main idea in this system is to divide the network traffic into subsets of a manageable size. The system uses several sensors to analyze these subsets and detect intrusions by their signatures. (Mice, 353)
To construct the architecture of this system, certain requirements must be met. Intrusion detection is performed by a set of sensors; each sensor detects intrusions using a subset of the signatures.
The sensors are independent, and each slice of traffic is analyzed by a set of sensors. Each sensor has access to the traffic necessary to detect its signatures. Modern programs allow users to add sensors and signatures to the system to fortify the network.
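The sliced architecture described above, as an added example that is not taken from the cited system: traffic is split into slices, each sensor holds a subset of the signatures and sees only the slices it needs. The slicing rule (by destination port), the signature patterns and the packets are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes            # byte string that must appear in the payload


@dataclass
class Sensor:
    name: str
    slices: set               # traffic slices this sensor needs to see
    signatures: list          # the subset of signatures it is responsible for
    inspected: int = 0        # how many packets actually reached this sensor

    def inspect(self, packet):
        self.inspected += 1
        return [(self.name, sig.name, packet["src"])
                for sig in self.signatures if sig.pattern in packet["payload"]]


SLICE_BY_PORT = {80: "web", 25: "mail"}   # assumed slicing rule


def slice_of(packet):
    return SLICE_BY_PORT.get(packet["dport"], "other")


class SlicedIDS:
    def __init__(self):
        self.subscribers = defaultdict(list)   # slice name -> sensors

    def add_sensor(self, sensor):
        # Sensors can be added at any time; each subscribes to its slices.
        for slice_name in sensor.slices:
            self.subscribers[slice_name].append(sensor)

    def analyze(self, packets):
        alerts = []
        for packet in packets:
            for sensor in self.subscribers.get(slice_of(packet), []):
                alerts.extend(sensor.inspect(packet))
        return alerts


# Constructed sample traffic.
TRAFFIC = [
    {"src": "203.0.113.5", "dport": 80, "payload": b"GET /../../etc/passwd HTTP/1.0"},
    {"src": "198.51.100.7", "dport": 80, "payload": b"GET /index.html HTTP/1.0"},
    {"src": "203.0.113.9", "dport": 25,
     "payload": b'Content-Disposition: attachment; filename="update.exe"'},
    {"src": "192.0.2.44", "dport": 22, "payload": b"SSH-2.0-client"},
]


def demo():
    ids = SlicedIDS()
    web = Sensor("web-sensor", {"web"}, [Signature("dir-traversal", b"../..")])
    mail = Sensor("mail-sensor", {"mail"},
                  [Signature("exe-attachment", b'filename="update.exe"')])
    ids.add_sensor(web)
    ids.add_sensor(mail)
    alerts = ids.analyze(TRAFFIC)
    return alerts, {s.name: s.inspected for s in (web, mail)}
```

Of the four packets, the web sensor inspects two and the mail sensor one, which is the point of slicing: no sensor has to keep up with the full traffic rate.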

