25 Sep 2022

93

Fundamentals of Computer Security

Format: APA

Academic level: College

Paper type: Coursework

Words: 874

Pages: 2

Downloads: 0

Learning about Cookies as Spyware 

First party cookies are able to cache data such as authentication details and language settings to avoid the re-entry of huge clusters of information that users have generated during their previous online activities (Tirtea, Castelluccia & Ikonomou, 2010). Some of the information a user does not need to keep re-entering includes email addresses, usernames or even passwords. However, cookies are continuously being used as spyware on the internet, therefore, invading the privacy of the online users. An attacker can use the XXS (Cross Site Scripting) cookie to sniff through a computer and hijack someone’s account session. 

The cookies are stored in plain text format and contain no personal information. This is because cookies contain information such as a session ID, sites visited and the time the session was established. Applications such as the Adobe Flash Player are able to use cookies to extract previous websites a user has visited. The subfolders that store this kind of information are placed on the user hard disk and can be reactivated every time the user visits the same web page. Attacks from hackers sometimes utilize the session hijack modes to reconstruct the browser history of a user thereby exploiting websites that contain vulnerable banking details. This can be done by rebuilding all the websites a user has visited and therefore gain access to sensitive private information or even modify the browser settings. 

It’s time to jumpstart your paper!

Delegate your assignment to our experts and they will do the rest.

Get custom essay

Learning about a Virus 

The Zeus virus is a Zbot banking Trojan that steals credit card information and banking information from the online banking websites (Doevan, 2018). The virus is easily propagated using e-mails and fake pop-up windows or advertisement sites. It utilizes the form grabbing technique that includes additional fields in the online forms. The attackers are able to spy on the data being transferred in these forms using the keystroke signatures. This virus consequently facilitates the process of money transfer from the users accounts without their knowledge. 

The Zeus malware propagates itself by phishing and tracking the sites a user visits. It then tricks the online users into installing the virus by bombarding them with huge amounts of data and websites that contain the windows notification window. The virus imitates the windows blue screen alerting the user of a possible virus infection. The pop-up windows only stop when the user accepts to be redirected to an unknown website that is infected with the Zeus virus (Maria, 2018). The virus is consequently installed on the client machine where it is able to delete system files, generate system reboots, shutdowns or even crashes. 

Recommending Security 

The top 5 security controls recommended by SANS (Brooks, 2018). 

1. Companies should keep an inventory of all devices that access the company website, whether authorized or unauthorized. This is because attackers are looking for vulnerable points that they can use to gain access to a network. 

2. Companies should also keep track of all unauthorized software are used and installed within the company. I agree with this recommendation since most antiviruses are unable to detect the zero-day exploits that come with software’s that have not been patched (“SANS Institute Recommends,” 2011). An antivirus can only detect these zero-day vulnerabilities once the new signatures have been patched. 

3. Companies should use automated administrative tools such as the Active directory to track unauthorized users who gain access into the company network. I agree that beyond trust privileges leads to elevating the administrative roles of an attacker thereby causing a breach in network security and theft of crucial company data. 

4. Companies should control the entry points for malware and viruses. I agree with the limitations put on active and executable code such as JavaScript. The use of anti-viruses, firewalls and anti-spyware are some of the techniques companies should deploy to reduce the chances of these programs being installed into the company network. 

5. Companies should focus on protecting any dedicated servers such as the file server, mail daemon, and web servers. This is because attackers can use the file transfer or email ports to gain remote access to the company network. 

The Domain Name System (DNS) protocol 

Jin Postel, Paul Mockapetris and Craig Patridge in 1984, developed the Domain Name System (DNS) protocol to enhance the process of name resolution of components connected to the internet (Pope, Warkentin, Mutchler & Xin, 2012). The users of the internet found it easy to remember names such as www.google .com on a URL or web addresses rather than IP address of the destination computer. These Internet Protocol (IP) addresses act like telephone numbers and are instrumental in the routing or transportation data packets around the internet. 

The Domain Name System (DNS) protocol therefore is a name to address resolution protocol used on the internet to translate the Fully Qualified Domain Names (FQDM) such as www.google.com into its corresponding IP address such as 173.194.22.173. When a user enters the www.google.com into a web browser, this web browser must first know the IP address of the destination website such as www.google.com. First the DNS server will contact the local servers within its database to locate where all the .com root server IP addresses are stored. The.com root server then responds by sending the IP address of the Google network. The IP address of the google.com network is finally sent to the browser requesting it, and a session is established between the two computers before any information can be eventually exchanged between the two computers. 

References 

Brooks, R. (2018, February 1). Top 20 Critical Security Controls for Effective Cyber Defense. Netwrix, Netwrix Corporation. Retrieved on 27 June 2018 from https://blog.netwrix.com/2018/02/01/top-20-critical-security-controls-for-effective-cyber-defense/ 

Doevan, J . (2018, March 19). Zeus Trojan. How to remove? (Uninstall guide). 2-spyware.com Accessed on 27 June 2018 from https://www.2-spyware.com/remove-zeus-trojan.html 

Maria, K. Zeus “Virus” Removal (Microsoft Support Scam) June 2018 Update. 

HowToRemove.guide. Accessed on 27 June 2018 from https://howtoremove.guide/zeus-virus-scam-mac-microsoft/ 

Pope, M. B., Warkentin, M., Mutchler, L. A., & Xin (Robert) Luo. (2012). The Domain Name System-Past, Present, and Future. CAIS , 30 , 21. 

SANS Institute Recommends Least Privilege Security Model to Reduce Impact of Zero-Day Attacks. (2011, May 31). BeyondTrust. Retrieved on 27 June 2018 from https://www.beyondtrust.com/resources/press-release/sans-institute-recommends-least-privilege-security-model-to-reduce-impact-of-zero-day-attacks/ 

Tirtea, R., Castelluccia, C., & Ikonomou, D. (2010). Bittersweet cookies: Some security and privacy considerations. ENISA (European Network and Information Security Agency)

Illustration
Cite this page

Select style:

Reference

StudyBounty. (2023, September 14). Fundamentals of Computer Security.
https://studybounty.com/fundamentals-of-computer-security-coursework

illustration

Related essays

We post free essay examples for college on a regular basis. Stay in the know!

Security Implication of the Internet of Things

The Internet of Things (IoT) can be described as s system of interconnected devices that have the ability to transfer information over a computer network without the need of human-to-computer or human-to-human...

Words: 892

Pages: 3

Views: 97

Modern Day Attacks Against Firewalls and VPNs

Introduction The need to have an enhanced security of the computer connectivity happens to be one of the reasons that attract companies and organizations towards wide usage of VPNs. Several simple techniques...

Words: 2025

Pages: 7

Views: 135

How to Deploy and Administer Windows Server 2012

Securing a reliable, and expandable configuration for a company is important to build a strong network. The new and enhanced features of the Windows Server 2012 can be used to implement the network. In this...

Words: 1673

Pages: 6

Views: 88

Deployment Model in Cloud Computing

Deployment model is a representation of a cloud environment primarily distinguished by parameters such as accessibility, proprietorship, and storage size. The National Institute of Standards and Technology gives the...

Words: 254

Pages: 1

Views: 82

How to Use Web Search Engines for Business Research

The advancement of technology has made it possible for many people around the world to have easy access to information whenever they want. The development of the Wide World Web-enabled different kinds of information...

Words: 773

Pages: 3

Views: 87

Distributed Database Management System (DDBMS)

Introduction Data management has been a headache to many technology enthusiasts for quite a long period of time. They have successfully managed to logically collect interrelated data and share it. If the data is...

Words: 799

Pages: 3

Views: 128

illustration

Running out of time?

Entrust your assignment to proficient writers and receive TOP-quality paper before the deadline is over.

Illustration