Computer Security in an Educational Environment

Computer Security in an Educational Environment

Dr. Wayne C. Summers

Associate Professor - Computer Science

ITM-Pusat Pendidikan Persediaan / MUCIA - Indiana University

Section 17, 40200, Shah Alam, Selangor, Malaysia

phone/fax: (03) 541-5846

INTERNET: wayne@mucia.itm.my

Abstract: The use of computer systems is changing our lives and the way we teach and learn today. They have increased our efficiency of doing work. We are now more productive, but at a cost. We have become dependent on these same computer systems in our daily lives and for doing our job. Coupled with this is a lack of awareness of how vulnerable our data, software and hardware are. This paper discusses the problems associated with maintaining a secure computer system as well as proposing some solutions to overcoming these problems. This paper also summarizes the results of a series of surveys conducted in Malaysia by the author. The surveys were used to determine the status of computer security in Malaysia. They also provide a foundation for suggesting some solutions to problems that are existent in Malaysian computer security.

Introduction

"Police warn of 'computer hackers' infiltrating CDS" [5]

"Computer virus to hit next month - it will wipe out all hard disks every day of March" [4]

"Many users still ignore rampant virus threat" [6]

"Blackout creates havoc for IT users" [1]

"Subang Airport fire: A lesson for IT users" [3]

These are some headlines from recent Malaysian newspapers. Has your school taken precautions to keep out hackers? Are you ready for the next big virus attack? Can your school survive a lengthy power outage? Could your school recover from a major fire? These are some questions that you may be facing in the future.

We have become increasingly dependent on our computer systems for processing information and soon these same computers will become a necessity in teaching our students. Not only must we protect this information but we must also protect the computer systems that process this information. There is a myriad of threats to the security of our information and computer systems. Most computer users take the computer system and its information for granted. They turn off their computers without giving any thought to the security of the information.

Is there a security problem in computing?

Computer Hackers

One serious problem facing computer users today is the rise in computer crime, i.e. crime committed with a computer. How many of our computer systems have been attacked by computer hackers? It may be nothing more than a student playing a computer game on the school computer without permission. Or it may be the angry student who deletes everyone's files.

The total estimated losses due to computer crime worldwide range from $300 million to $500 billion per year. The reason for such a wide range is that less than 1% of all computer crime fraud cases are detected and of those detected, over 90% are unreported. Is it any wonder that computer-related crime has been escalating at a dramatic rate? Computer crime is almost inevitable in any organization unless adequate protections are put in place.

Figure 1

In recent surveys conducted in Malaysia by the author [Appendix A], less than 10% of those surveyed had been victims of a computer crime [Figure 1]. Unfortunately these 10% may be among the 1% detected. How many others "got away with it?" Of those eleven instances of a computer crime, over 60% went unreported to the authorities and only one individual was reported to have lost their job.

Crimes using computers are easy to commit, hard to detect and even harder to prove. If someone steals your computer, you know it and may even have evidence. If someone steals your data, how do you know it and where's your proof. As will be discussed throughout this paper, one major problem is a lack of awareness. Few individuals and schools are aware of the extent of computer crime committed today.

Computer Viruses

Computer viruses are a leading threat to secure computing. [see Glossary for definitions of virus-related terms] There are over 3000 computer viruses and strains with several new ones developed every day. Over eight million PCs have been hit by viruses by 1992 with 90% of those infected being reinfected within a short period. Almost 90% of those surveyed in Malaysia have experienced a computer virus infection [Figure 2]. Almost 74% of those had at least five infections [Figure 3]. It's also possible that some of those who claim to have not been infected by viruses, may have not known how to recognize an infection.

2 Figure 2

Fortunately in Malaysia, the number of virulent viruses is probably less than 100. Most of these are relatively harmless. One reasons for so many occurrences of viruses both here and elsewhere is the widespread copying of software. This is especially a problem with students and computer games. How many of our students actually buy legal copies of games? Stop the illegal copying and use of illegal software and the spread of viruses would diminish greatly.

3 Figure 3

Natural Disasters

Malaysia has the fortune to not suffer from many natural disasters, but there are some. For example, within seven months last year the Subang International Airport suffered two fires. The fire in April at Subang International Airport knocked out the computers controlling the flight display system. A post office near the DCA computer room was also affected by the soot that decommissioned the post office counter terminals. The computers were not burnt but crashed because soot entered the hard disks. The fire in October damaged newly installed computer equipment worth 400,000 ringgit as well as 7 million ringgit worth of equipment in the air traffic control tower[3].

4 Figure 4

Power outages are a regular occurrence here culminating in the major blackout in September 1992. The blackout crippled port operations when the Port Klang Authority's computer network went blank[1]. Almost 25% of those surveyed reported downtime due to a "natural disaster." [Figure 4] Most of these were a result of power outages and hard disk crashes.

Negligence

Over 85% of the destruction of valuable computer data involve inadvertent acts. This includes accidents, errors and omissions by employees. This would typically include accidental erasure of files or entire disks. Often students and teachers may inadvertently alter files beyond recovery.

HOW MUCH SECURITY IS ENOUGH?

Computer Security

What is computer security? It can be thought of as the protection of the computer and its resources against accidental or intentional disclosure of confidential data, unlawful modification of data or programs, the destruction of data, software or hardware. It includes the denial of use of one's computer facilities for criminal activities including computer‑related fraud and blackmail. Computer security involves the elimination of weaknesses or vulnerabilities that might be exploited to cause loss or harm. How can we minimize the vulnerabilities in our computer system?

A computerized system for processing information is composed of five major components: hardware, software, data, people and procedures. We need effective controls for all five components that will reduce the system's vulnerabilities.

Data

Data is the most important of the five components. It is the life-blood of the company. The easiest way to protect the data is to hide it from prying eyes. One way of doing this is by encryption. Encryption uses an algorithm that hides the meaning of the text[Fig. 5].

plaintext ______ ciphertext ________ original

----------------> |_______| -------------->|________| ----------->

plaintext

Figure 5

A good cryptographic algorithm should be simple to use by authorized users but difficult and time consuming for non-authorized users to decrypt. The security of the data should not depend on the secrecy of the algorithm. The efficiency and security of the algorithm should not be data dependent. More programs are appearing that include and support encryption. Less than 35% of those surveyed [Appendix A - Question 17] use encryption to hide their data.

Software

Software can be easily corrupted by computer viruses. Computer viruses typically infect executable programs, boot sectors and partition tables of hard disks. Two major approaches can be used to minimize the danger of infection.

One approach is to scan for viruses. This won't stop the infection, but it will notify you if an infection has occurred so that you can remove it. To be effective, scanning must be done any time new software is introduced into a computer system. The scanner must also be able to identify all known viruses including viruses that were not released when the scanner was designed. Most of those individuals surveyed are using some type of scanner [Appendix A - Question 8] but nearly half seldom use it.

Another approach is to use a TSR (Terminate and Stay Resident) program that will monitor for attempts by viruses to infect your system. The disadvantage of a TSR is that it might give a false alarm if a legitimate program tries to do something similar in characteristic to a virus's action. Malaysia is fortunate that there are three excellent local products (V-buster, PC-Medic and Armour) which have both scanners and TSR programs. The advantage of a local product is that the development team should have access to viruses that are creating the most havoc locally and design the anti-virus program for that. There are also many imported scanners and TSR programs. Many users are using more than one product to combat viruses. [Appendix B lists addresses of distributors for some of these products.]

Anti-virus software alone won't protect you from computer viruses. You need to practice "safe computing". Appendix B gives a list of guidelines for safe computing. Even the best protection plan may eventually break down and you may find yourself with an infected computer disk. Most anti-virus software will include a program for removing the infection. However there may be a rare infection that cannot be removed with the standard anti-virus software. Appendix C provides some guidelines for virus removal when that occurs.

Don't assume that everything that goes wrong with the computer is caused by viruses. Computer viruses are often blamed for occasional hardware failures and software bugs. If you suspect a problem is caused by a computer virus, use an antivirus software to try to detect the infection. If the antivirus software doesn't identify a virus but you still suspect an infection, fill in a copy of the checklist in Appendix D.

The next level of software protection are the Access Control Systems. ACS's lets you selectively restrict access to files, directories, floppy disk drives, and even external ports. Many systems can also track program use through logging and audit trails. ACS's should also include encryption facilities. Some ACS's can also make the hard disk drive "inaccessible" on a boot from a floppy. Some examples of Access Control Systems include Watchdog, PC-FORT( which is a well written program by a team of Malaysians), DiskLock, and PC/DACS.

ACS's won't prevent an experienced programmer from looking at the raw disk sectors. Most ACS's also won't prevent a user from doing a low-level format from a floppy disk drive.

Access Control Systems usually include some type of password protection to control access to different parts of the computer system. These provide a very important line of defense. Passwords are easy to use but also easy to misuse. Many computer users either select passwords that are not only easy to remember but also easy to guess by an intruder. Other users select a password that is so hard to remember that they have to write it down where the intruder can find it.

Some rules of thumb for passwords include selecting a password that is over five characters long containing upper and lowercase letters, digits and punctuation characters if possible. Pick a password that can be easily memorized but not easily guessed. Don't share it with anyone. Passwords can accidentally be divulged over time, so they should be changed periodically. Many application packages like WordPerfect and Quattro Pro also have password protection options for the data files, but few individuals are using them.

Hardware

How valuable is your computer, your printer, your monitor, etc.? You could bolt it to the desks like a quarter of those surveyed [Appendix A - Question 23]. You could put in a limited access room like 60% of those surveyed [Appendix A - Question 25]. Computers are very sensitive electrical devices and need to be protected from electrical surges. Surprisingly, 37% of those surveyed [Appendix A - Question 26] do not use voltage regulators or surge protectors. With the frequent fluctuations of current in Malaysia, which is a gamble you're sure to lose on.

If you cannot afford to have your computers or network going down unexpectedly, then you should invest in a UPS (Uninterruptible Power Supply). Less than 50% of those surveyed [Appendix A - Question 27] use UPSs.

People and Procedures

Computers do not commit crimes and computers do not write computer viruses. Most of the problems associated with computer security are people problems. These problems can generally be solved with appropriate procedures. Establish a computer security policy and educate the users about the procedures they are expected to follow. A good computer security program involves everyone in the organization from senior management down. Almost 60% of those surveyed [Appendix A - Question 14] state that their company or school has no computer security policy. It is important that computer users understand the issues of computer security, computer ethics as well as the legal issues involved in using a computer.

5 Figure 6

Procedures must be developed for using secure computing systems. Users must not leave PCs unattended without securing both the PC and any storage media. Printers should not be left unattended when printing confidential information. Secure all software and hardware with passwords and if possible lock and key. It is ironic that 78% of those surveyed [Figure 6] lock up their office supplies while over 50% [Figure 7 & 8] leave their software and data unsecured at night. Are paper clips and pencils more important than our data?

6 Figure 7

Do not allow eating, drinking and smoking near the computers. Computer personnel in mainframe and minicomputer environments recognized early the importance and necessity of placing the computer and storage media in a clean environment. Unfortunately, this concern is lost when we move to PCs and networks.

7 Figure 8

Backup

One most important procedure to establish is the one of backup. Data and software can be lost due to a virus attack, sabotage or by negligence. It is necessary to have current backups to recover from the loss. Where should those backups be kept? Although most of those surveyed [Figure 9] made regular backups, over 40% keep the backups on‑site with the computer. If a disaster were to suddenly strike the computing facility, not only is the computer and original data lost, but so is the backup. Mainframe computer personnel have procedures for keeping two generations of backups. The first is kept on‑site while the second generation of backups is kept in another building preferably far away.

Contingency Planning

8 Figure 9

How long can you survive without your computers? Studies have shown that over 90% of the companies that suffered a "catastrophic loss" in their computer systems never recover. You must plan for the unlikely. Unfortunately, of those surveyed [Figure 10], less than 35% have a disaster recovery plan.

RECOMMENDATIONS

Here are some final recommendations. Keep the hardware, software and data in a secure place. Don't leave your PC unattended. If you are in a network environment, log off before leaving your computer or terminal. Protect your software with some type of anti-virus software. Invest in an access control system. This will provide you with password protection for your files and devices. Access control systems can also keep track of who is doing what on your computer system. Protect your data using encryption. That way if some one does break into your system, your data is still secure.

Design a security plan and define policies to be followed by all computer users. Educate students and fellow teachers about the legal and ethical issues involving the use of computers. Do not allow anyone to use their own software on the school's computers, especially pirated software. Do not allow any one to remove software or data from school. Educate all computer users about the importance of computer security.

Create a security planning team with 5-9 members. These should include teachers, parents, students and administrators. The headmaster must be involved in the security of the computer facilities. If the headmaster does not see the importance of computer security, all may be lost.

9 Figure 10

When designing a security plan, consider the following:

- specify goals regarding security

- specify where responsibility for security lies

- specify the school's commitment to security

- identify current security status

- make recommendations

- identify responsibilities for implementation

- draw up a timetable

- provide continuing attention to security

- involve the school's administrators

These plans will hopefully make our computing more productive and safer. Keep your computer system secure and practice safe computing.

References

1. CompuTimes, New Straits Times newspaper, "Blackout creates havoc for IT users," Malaysia, October 5, 1992, pg. 1.

2. Fites, Philip E., Kratz, Martin P.J. and Brebner, Alan F., Control and Security of Computer Information Systems, Computer Science Press, Rockville (MD), 1989.

3. IT Asia, "Subang Airport fire: A lesson for IT users," November, 1992.

4. Malay Mail newspaper, "Computer virus to hit next month - it will wipe out all hard disks every day of March," Malaysia, February 24, 1993.

5. New Straits Times newspaper, "Police warn of 'computer hackers' infiltrating CDS," Malaysia, May 26, 1993, pg. 4.

6. PC Week Asia, "Many users still ignore rampant virus threat," May 8-21.

7. Pfeeger, Charles P., Security in Computing, Prentice- Hall, Englewood Cliffs (NJ), 1989.

8. Star newspaper, "17,712 bank fraud cases since 1986," Malaysia, September 8, 1992.

9. Stoll, Cliff, The Cuckoo's Egg: Tracing a Spy Through the Maze of Computer Espionage, Doubleday, New York (NY), 1989.

10. Summers, Wayne C. seminar notes for "Computer Security, Computer Crime and Combatting Computer Viruses," April 1993.

11. Summers, Wayne, Zaidah Ibrahim and Naimah Mohd. Hussin, COMPUTER VIRUSES: What They Are and How to Prevent Them, Federal Publications, Malaysia, 1993.

APPENDIX A - COMPUTER SECURITY IN MALAYSIA

Location: INTAN MCCE MCCE PC‑Fort MCCE Totals

K.L. K.L. Sabah Launch Penang

Date: Aug. 92 April 93 Aug. 93 May 93 Sept. 1993

# of respondees: 55 6 23 26 18 128

1. Type of Company:

Gov't/Semi‑Gov't 43 2 1 6 1 53 41.41%

Education 9 3 22 5 17 56 43.75%

Banking 1 8 9 7.03%

Computer Related 1 1 1 3 2.34%

Trading & Services 4 3 7 5.47%

2. Number of Employees:

1‑10 3 2 3 8 6.35%

11‑99 12 2 12 10 12 48 38.10%

100‑999 22 3 9 7 2 43 34.13%

>1000 18 8 1 27 21.43%

3. Number of Computers:

1‑10 7 2 12 2 11 34 27.87%

11‑99 27 3 9 14 6 59 48.36%

100‑999 15 6 21 17.21%

>1000 4 4 8 6.56%

4. Type of Computers:

PCs 55 6 23 25 18 127 99.22%

minicomputer 24 1 13 38 29.69%

mainframe 33 10 43 33.59%

network 19 18 2 39 30.47%

5. Have you experienced a computer virus infection?

yes 45 6 19 23 17 110 89.43%

no 10 0 2 0 1 13 10.57%

5a. If yes how many times?

once 2 4 3 9 8.11%

2‑5 times 5 2 4 6 3 20 18.02%

>5 times 38 4 13 14 13 82 73.87%

6. Is there an individual to contact in case of a computer infection?

yes 35 1 8 20 8 72 56.25%

no 16 5 13 6 8 48 37.50%

7. Do you use a TSR to monitor for computer virus infections?

yes 19 3 4 15 7 48 37.50%

no 24 2 12 11 10 59 46.09%

8. What type of antivirus program are you using?

Vbuster 11 6 2 5 24 18.75%

Scan 36 4 14 16 12 82 64.06%

CPAV 23 2 2 14 3 44 34.38%

NAV 8 1 2 3 5 19 14.84%

Dr. Solomon 6 1 1 3 11 8.59%

TNT 11 1 3 1 16 12.50%

UTipac 1 4 5 3.91%

Pc‑cillin 17 2 10 29 22.66%

PC‑Medic 5 5 3.91%

Armour 1 5 2 8 6.25%

Serum 1 1 0.78%

None 3 1 4 3.13%

9. How often do you scan for viruses?

daily 24 2 15 4 45 35.16%

weekly 13 3 5 3 3 27 21.09%

monthly 2 3 1 2 8 6.25%

seldom 14 1 10 6 7 38 29.69%

never 1 3 1 5 3.91%

10. Has your computer system suffered downtime due to a natural disaster?

yes 11 2 4 6 3 26 24.76%

no 31 4 16 17 11 79 75.24%

11. How often do you make backups?

daily 16 2 1 12 6 37 28.91%

weekly 25 1 4 8 3 41 32.03%

monthly 6 1 5 2 3 17 13.28%

quarterly 2 1 1 1 5 3.91%

yearly 2 1 3 6 4.69%

seldom 3 4 7 5.47%

never 5 5 3 13 10.16%

11a. Are these backups kept off site?

yes 28 4 10 18 12 72 66.06%

no 20 2 6 8 1 37 33.94%

12. Does your company have a disaster recovery plan? yes 19 0 2 17 3 41 33.88%

no 31 6 21 8 14 80 66.12%

13. Does your company have a security evaluation team?

yes 18 1 2 16 2 39 31.71%

no 34 5 21 9 15 84 68.29%

14. Does your company have a computer security policy?

yes 20 2 2 19 5 48 40.68%

no 28 4 20 6 12 70 59.32%

15. Does your company educate your employees about the importance of

computer security?

yes 32 2 2 22 6 64 53.33%

no 21 4 20 3 8 56 46.67%

computer ethics?

yes 23 2 0 23 5 53 46.49%

no 27 3 20 2 9 61 53.51%

computer viruses?

yes 31 3 8 24 8 74 61.67%

no 22 2 13 1 8 46 38.33%

16 Are your computers protected with passwords?

yes 27 2 6 18 4 57 44.88%

no 28 5 16 7 14 70 55.12%

16a. How often are they changed?

weekly 2 3 5 12.50%

monthly 6 1 6 1 14 35.00%

quarterly 1 1 2.50%

seldom 4 2 1 7 17.50%

never 6 1 2 4 13 32.50%

17. Are your sensitive data files encrypted?

yes 17 1 3 14 3 38 33.93%

no 28 5 18 9 14 74 66.07%

18. Do you keep a log of computer usage?

yes 14 4 7 9 6 40 33.33%

no 36 2 15 15 12 80 66.67%

19. Are employees allowed to take software/data home with them?

yes 26 3 15 4 9 57 44.88%

no 27 7 8 20 8 70 55.12%

20. Are employees allowed to use their own software in the workplace?

yes 32 3 18 7 11 71 56.80%

no 22 3 4 19 6 54 43.20%

21. Is your software locked up at night?

yes 27 3 7 12 9 58 47.93%

no 26 3 16 12 6 63 52.07%

22. Is your data locked up at night?

yes 28 2 7 13 8 58 48.33%

no 25 4 15 11 7 62 51.67%

23. Is your hardware bolted down?

yes 9 0 8 2 6 25 25.00%

no 30 5 11 20 9 75 75.00%

24. Are your office supplies locked up?

yes 40 5 14 17 15 91 77.78%

no 12 0 6 8 0 26 22.22%

25. Are your computing facilities in a limited access room?

yes 29 3 15 12 15 74 63.25%

no 21 3 7 12 0 43 36.75%

26. Do you use voltage regulators/surge protectors?

yes 32 4 14 16 5 71 63.39%

no 14 2 6 9 10 41 36.61%

27. Do you use uninterruptable power supplies(UPS)?

yes 31 2 5 16 4 58 49.57%

no 23 3 13 9 11 59 50.43%

28. Have you been a victim of computer crime?

yes 2 2 2 2 3 11 9.82%

no 46 2 18 23 12 101 90.18%

28a. If yes was it reported to the authorities?

yes 0 2 0 1 1 4 36.36%

no 2 0 2 1 2 7 63.64%

28b. What happened to the suspect?

fired 0

arrested 0

convicted 0

warning 1 1 1 3

29. Do you have procedures for reporting and handling computer crime?

yes 10 0 1 7 1 19 16.24%

no 42 6 19 18 13 98 83.76%

10. Always keep a lookout for strange occurrences:

a. When you do a directory listing, look at the volume label.

b. Observe whether your computer system is slowing down.

c. Watch for files that disappear.

d. Notice when there are attempts to access the disks when there should not be any read or write activity.

e. Watch whether the loading of programs takes longer.

f. Keep a lookout for decreases in the main memory or reduction of disk space.

g. Watch for unusually large sizes on program files.

h. Watch for recent creation dates on old program files.

i. Watch for unusual displays on the computer screen.

11.Use caution when using public domain and shareware software or any new software. There have been instances where commercial software has been sold with a virus.

12.If you are downloading software from a bulletin board or other computer network, always download to a diskette. You should then scan the diskette for possible virus infections. (You may want to write‑protect your hard disk during this operation.)

13.In a lab environment, do not allow users to run their own programs or boot the computer system with their own disks. Users should only have data disks that are not bootable. All program disks and hard disks in a lab must be checked frequently for viruses. If users are allowed to use their own program disks, they must be scanned before they are used in the computer lab.

14.Most important of all is to teach computer users about computer viruses so that they can recognize them. Computer users need to be able to identify viruses so that they will be able to prevent their spread.

APPENDIX C - PROCEDURES FOR VIRUS REMOVAL

If an infection is detected, follow the procedures listed below:

1.DON'T PANIC. First, decide how extensive the infection is. If the infection has only attacked the floppy disks, skip steps 2 through 11.

If possible use an antivirus program to remove the virus. Most viruses can be removed with most virus removal program. In very serious infections, you may need to follow the procedures outlined below:

2. Shut off the infected computer system.

3. Power up the system with the original write‑protected system diskette.

4. Make sure that the system has booted properly.

5.Backup all the nonexecutable data files from all directories onto newly formatted diskettes or do a tape backup. (If backing up to another hard disk, make sure that the hard disk has not also been infected). DO NOT EXECUTE OR BACKUP ANY OF THE PROGRAMS FROM THE INFECTED HARD DISK!!!

6.Check each batch files on the infected hard disk. If any of the lines within the batch file look suspicious, do not back up that file. Otherwise backup all the batch files.

7. Do a low‑level format of the infected hard disk.

8. Install the operating system onto the hard disk.

9. Rebuild all directories.

10.Install all the executable programs from the original write‑protected distribution disks.

11. Restore all the files that had been backed up in steps 5 and 6.

12.Gather all the diskettes that have been used with the computer system during the past six months. It is difficult to tell when the original infection occurred. Either check each disk for viruses and remove the viruses or follow the following steps.

13.Backup all the nonexecutable data files from the suspect disks onto newly formatted diskettes.

14. Reformat the suspect diskettes.

If the virus is a boot sector infector, then the recovery process is simpler. The boot infector viruses do not infect executable programs. This means that the infection is isolated in the boot system on the infected disk. To recover from this type of infection proceed with the following steps:

1. Shut off the infected computer system.

2. Power up the system with the original write‑protected system diskette.

3. Make sure that the system has booted properly.

4.Replace the operating system and the boot sector of the infected disk or run an antivirus program.

(NOTE: The virus may remain intact in the bad sectors created by the virus in the data files, but these virus segments are not active).

APPENDIX D - VIRUS CHECKLIST

This checklist is for those of you out there that may think that you have contracted a deadly and incurable computer virus... Before you go and destroy your computer, please take the time to check this list out and see if your problem could be caused by any of the following situations.

#1 DISKS

a) Floppy Disks:

1) Have you set your floppy disks near any magnetic fields lately? ie. Telephone, T.V., C.R.T., Stereo, Speakers, Magnetic ID Holder?

2) Are your disks in direct sunlight? Are they stacked on top of each other? Did you leave them in the car?

b) Hard Drives:

Has your Hard Drive suffered from any physical shocks lately? ie. Earthquake, moving your computer from one room to another, kicking your tower case?

#2 DATA

a) Have you run any Disk Fixing/Optimizing programs lately?

b) Could you have accidently deleted or damaged your data files in any way?

c) Have you installed any programs which modified your autoexec.bat or config.sys files?

d) Have you formatted double-density disks as high-density?

#3 MISCELLANEOUS

a) Have you dusted your work area lately?

b) Did anything get dropped into your keyboard?

c) Is your computer wired into the same circuit as your washing machine, air-con, refrigerator?

d) Are your computer cables coiled together?

e) If you look down right now, are you on carpet? If so, do you get static electricity shocks from it?

f) Do you have a spike/surge filter between the outlet and your computer?

If you still think that you may have a virus, please continue by filling out the following section.

#1 Is it taking longer for a program to load or run?

a) YES _____

b) NO _____

If yes please fill out program name and what happened.

#2 Is disk access taking longer than normal?

a) YES _____

b) NO _____

If yes please write down which drive, and how much longer than normal it took.

#3 Has the computer malfunctioned?, If so, what happened?

a) YES _____

b) NO _____

#4 Is there any change in your files on disk?

a) YES _____

b) NO _____

If yes, what happened?

1) Files have suddenly disappeared. _____

2) Files have suddenly appeared. _____

3) Files changed in size.

a) File increased in size. _____

b) File decreased in size. _____

Please write down what files have changed and exactly what happened (if you can remember).

#5 Did anything appear on your screen (ie. profanity or warnings?), or did any strange sounds come from the speaker?.

a) YES _____

b) NO _____

If yes please explain.

#6 Did any drive lights activate for no reason?

a) YES _____

b) NO _____

If yes please explain (Was it a floppy or hard drive, and how long did it stay on for, did it lock up your system?)

#7 Was computer memory reduced or increased?

a) YES _____

b) NO _____

If yes, what happened, and how did you notice this change?

#8 List everybody else that has access to your computer, and who has recently used it.

#9 Please list any and all new disks that have been introduced to your system recently.

a) Now, collect all disks that are listed above and place them in an envelope and hold on to them.

#10 (For Businesses Only). Contact your MIS Mgr., Computer Consultant, or whoever is in‑charge of your P.C.s and give them this completed check‑list and the disks from item #8.

#11 Follow up for item #10, if this problem is above your head, please feel free to contact us at ITM-PPP (03) 548-2340 Or contact me via Internet at wayne@mucia.itm.MY

GLOSSARY

Appliciation program infector - The most infectious type of computer viruses is the application program infector or file virus. They may attach to any executable file usually .COM and .EXE files. An application program infector takes control after the initial use of the infected program. Once the virus is in place in the RAM of the computer system, it will potentially infect every program run on the computer until the computer is shut off. The most widespread virus today is the Jerusalem virus.

Backup ‑ copies of the latest files. Also the act of copying all or some of the files as a security measure.

Boot sector infector - hides in the boot sector of a disk or the partition table of a hard disk and takes over control of the computer system when it is booted. It then copies itself into the computer's memory. When other disks are used, the virus transfers to their boot sectors. The most common boot sector viruses are the Pakistani Brain virus and the Stoned/Marijuana virus.

Boot sector ‑ the sector of a disk that contains the programme for starting the computer and its operating system.

Checksum ‑ result of a procedure used to verify the accuracy and integrity of sectors on a disk by calculating the number of bits in each sector.

CRC (Cyclic Redundancy Checking) ‑ error checking technique used to ensure accuracy. Can also be used to check for viral infections.

Dark Avenger Mutation Engine - polymorphic encryption program used by virus developers to encrypt the virus in order to avoid detection. The engine uses a special algorithm to generate a completely variable decryption routine each time. No three bytes remain constant from one sample to the next.

Data diddling ‑ unauthorized altering of data.

Encryption ‑ encoding of data by converting standard data code into a proprietary code.

FAT (File Allocation Table) ‑ area on a disk that contains the addresses that link clusters of a file together.

Hacker ‑ person who enjoys learning the details of computer systems and how to stretch the systems' capabilities.

Host ‑ program to which a virus attaches itself.

Logic bomb ‑ programme which initiates an activity, often destructive, when a certain condition is met.

Multiparite virus - virus which infects both the boot sector of a disk as well as application programs.

Snapshot program ‑ anti‑virus program which records specific facts about a file or the disk. Usually includes the size of the file and its creation date.

Stealth viruses - viruses which attempt to hide their presence. Some of the simple techniques include hiding the change in date and time and hiding the increase in file size. Some even prevent anti-virus software from reading the part of the file where the virus is located. Some also encrypt the virus code using variable encryption techniques.

System infector - attaches to one or more operating system modules or system device drivers, usually COMMAND.COM. The virus takes control after the initial use of the infected program. An example of a system infector virus is the Lehigh virus that infects the COMMAND.COM program.

Timebomb ‑ programme which initiates an activity, often destructive, at a certain time or date or when a certain amount of time has elapsed.

Trapdoor ‑ way of accessing a computer system that bypasses security procedures. It is often created to enable a programmer to gain access to a system.

Trojan horse ‑ named after the Greek wooden horse used to smuggle Greek troops inside the walls of Troy. In computers, it refers to an appealing programme that is in fact often destructive.

TSR (Terminate and Stay Resident) ‑ RAM resident programme that remains in memory at all times so that it may be instantly activated.

Virus ‑ a segment of self‑replicating code that is used to infect the operation of a computer system. A virus must be attached to another programme.

Worm ‑ stand‑alone programme that changes another programme, data or the computer's memory, often destructive.

COMPUTER SECURITY IN AN EDUCATIONAL ENVIRONMENT (MCCE-KL 5/11/93)

Optional: Name:____________________________________________

Company: ____________________________________

____________________________________

Please answer the following questions (circle your answers):

1. Type of Company: Government Education Computer-related

Trading Other:__________

2. Number of Employees: 1-10 11-100 100-999 >1000

3. Number of Computers: 1-10 11-100 100-999 >1000

4. Type of Computers: PCs mini mainframe network

5. Have you experienced a computer virus infection? Yes No

5a. If yes, how many times? once 2-5 times more than 5 times

5b. What were the estimated losses?

5c. Which viruses infected your computer?

6. Is there an individual to contact in case of a computer virus infection? Yes No

7. Do you use a TSR to monitor for computer virus infections? Yes No

8. What type of antivirus program are you using? V-Buster Scan

CPAV NAV Dr. Solomon TNT UtiPac PC-cillin

PC-Medic Armour None Other:____________________

9. How often do you scan for viruses?

daily weekly monthly seldom never

10. Has your computer system suffered downtime due to a natural disaster? Yes No

10a. What happened? _______________________________________

10b. What were the estimated losses?

11. How often do you make backups? daily weekly monthly

quarterly yearly never

11a. Are these backups kept off site? Yes No

12. Does your company have a disaster recovery plan? Yes No

13. Does your company have a security evaluation team? Yes No

14. Does your company have a computer security policy? Yes No

15. Does your company educate your employees about the importance of

computer security? Yes No

computer ethics? Yes No

computer viruses? Yes No

16. Are your computers protected with passwords? Yes No

16a. How often are they changed? weekly monthly never

17. Are your sensitive data files encrypted? Yes No

18. Do you keep a log of computer usage? Yes No

19. Are employees allowed to take software/data home with them? Yes No

20. Are employees allowed to use their own software in the workplace? Yes No

21. Is your software locked up at night? Yes No

22. Is your data locked up at night? Yes No

23. Is your hardware bolted down? Yes No

24. Are your office supplies locked up? Yes No

25. Are your computing facilities in a limited access room? Yes No

26. Do you use voltage regulators/surge protectors? Yes No

27. Do you use uninterruptable power supplies(UPS)? Yes No

28. Have you been a victim of computer crime? Yes No

28a. If yes was it reported to the authorities? Yes No

28b. What happened to the suspect? Fired Arrested

Convicted Warning

28c. What were the estimated losses?

29. Do you have procedures for reporting and handling computer crime? Yes No