Online Security - Spoofing and Tampering



Few of us can get through a day without the internet, but have you ever considered whether your data and the information you access online are secure? This is where online security comes in: preventing a hacker from breaking into your system to reach information that matters to you, such as online banking passwords. You might not even realise that, through some email or pen drive, you have installed a program on your computer that acts as a key logger and sends a record of every key press on your PC to an email address whenever you connect to the internet. That is why, to improve online security, some industries have developed programs for websites such as e-banking or online shopping so that no one can misuse the system to obtain your credit card information and withdraw money. Some companies have also doubled the security: when you log in to the website, the website owner sends you a message containing a code that you must enter in order to make a transaction.
Always remember that phishing is the major threat to secured online systems. You might receive an email from some vague email address advertising an offer; when you click the URL provided, you think it is the same site you have been using for a long time, and you enter your username and password, which the owner of the phished website can then misuse.

Remember to apply the following rules if you are a Windows user:
  1. Keep your patches up-to-date
  2. Keep your virus scanner up-to-date
  3. Be cautious of attachments
  4. Install a Personal Firewall
  5. Some essential system settings
  6. Test your defences
  7. Spyware detection and removal
  8. Other security issues
  9. Don't trust Microsoft products
  10. Stay informed


Spoofing
Going by the dictionary, spoofing means a hoax or nonsense, or to deceive by trickery. Spoofing is a threat to internet security, which I discuss below under this heading.
In the context of networking and security, spoofing is a situation in which a person gains an unwarranted advantage by using tricks to hide his identity or by falsifying data. The kinds of spoofing listed below are used to gain an illegitimate advantage over a user's system or its data.
1. URL spoofing and phishing
2. Caller ID spoofing
3. Email ID spoofing
4. IP spoofing
URL Spoofing and Phishing
URL spoofing, sometimes also known as website phishing (as discussed on the previous page), is about fooling a user so as to direct him to a phished website (a website similar in look and feel to the legitimate one, such as a bank's site) and forcing the web browser to display the wrong URL in the address bar by DNS cache poisoning. The user feels he is on a secure website when he is actually using the spoofed one, and when he logs in he is directed to the real website. In this way an online attacker defeats the security and gains access to information that should be available only to the persons concerned.
Caller ID Spoofing
Caller ID spoofing basically means placing phone calls to any number with fake caller information, such as a false telephone number. Most of us have used a landline with caller ID, a cellular phone or VoIP, which displays the number from which the call is being made. With VoIP in particular it is possible to display fake calling numbers, because of the services and gateways that connect VoIP to the public telephone network. And because of the distributed nature of the internet, it is not possible to trace each phone call, which benefits the person doing the spoofing.
Email ID Spoofing
Similar to the two sub-topics above is email ID spoofing, where a programmer or anyone who wants your private information mails you after tampering with headers such as From, Cc, Reply-To, etc., so that the mail appears to come from an authentic site or email address. When you click the links, either you are directed to a phished website or the link doesn't exist, which is usually the case with spam.
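A defender can check the headers named above for inconsistencies. The following is an added example, not part of the original post: it parses a constructed message with Python's standard `email` module and reports mismatched sender domains and failed authentication results. All addresses and domains are made up for the illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real mail): the From line looks like a bank,
# but replies and the envelope sender point at other domains.
RAW_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Example Bank Support" <support@examplebank.example>
Reply-To: accounts@examplebank-help.example
To: user@example.org
Subject: Verify your account

Please confirm your details.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def spoofing_indicators(raw):
    """List header inconsistencies that often accompany a forged sender."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    # Replies or bounces routed to a different domain than the visible sender.
    for header in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    # Verdicts recorded by the receiving mail server, when present.
    auth = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in auth:
            findings.append(f"{check} reported fail")
    return findings

if __name__ == "__main__":
    for finding in spoofing_indicators(RAW_MESSAGE):
        print(finding)
```

These are indicators rather than proof: legitimate bulk-mail services also use a Return-Path domain that differs from the From domain.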
IP Spoofing
IP spoofing relates to hiding the IP address or forcing the browser to display the wrong URL so that users are directed to the page the coder wants. This is usually done to increase the hits on a newly launched website or to obtain private information that a person wants to keep secret.

Tampering
Tampering basically relates to data security, which aims to ensure that data is safe from corruption and that access to it is suitably controlled. Data security thus helps to improve the privacy of data such as passwords, user information, etc. To avoid tampering with the data, various encryption techniques such as SHA-1, MD5, etc. are used so that private data can't be reverse engineered to recover the actual data. Many companies also use a PIN to safeguard the data. Data masking is another important technique that companies use to protect data from being tampered with. Another important concept is data erasure: application software that erases the data from memory storage devices so that it can't be recovered or accessed after deletion when the storage is reused.
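How a stored check value detects tampering, shown as an added example that is not part of the original post. It uses SHA-256 and HMAC from Python's standard library rather than the SHA-1 and MD5 named above, and the key and record are constructed for the illustration.

```python
import hashlib
import hmac

# Constructed values for illustration only.
KEY = b"constructed-demo-key"  # assumption: known only to the verifier
RECORD = b"account=12345;amount=100.00"
TAMPERED = RECORD.replace(b"100.00", b"900.00")

def digest(data):
    """Unkeyed SHA-256 digest: anyone holding the data can recompute it."""
    return hashlib.sha256(data).hexdigest()

def tag(data, key=KEY):
    """Keyed HMAC-SHA256 tag: recomputing it requires the secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def digest_ok(data, stored):
    """Accept the data if its digest equals the stored digest."""
    return hmac.compare_digest(digest(data), stored)

def tag_ok(data, stored, key=KEY):
    """Accept the data if its keyed tag equals the stored tag."""
    return hmac.compare_digest(tag(data, key), stored)

def tamper_report():
    """Return, per check, whether the changed record would be accepted."""
    return {
        # Digest kept out of reach of whoever changed the record.
        "digest_stored_separately": digest_ok(TAMPERED, digest(RECORD)),
        # Digest kept beside the record and rewritten along with it.
        "digest_rewritten_with_record": digest_ok(TAMPERED, digest(TAMPERED)),
        # The old tag no longer matches the changed record.
        "hmac_old_tag": tag_ok(TAMPERED, tag(RECORD)),
        # A tag computed without the real key does not verify either.
        "hmac_tag_from_wrong_key": tag_ok(TAMPERED, tag(TAMPERED, b"guess")),
    }

if __name__ == "__main__":
    for check, accepted in tamper_report().items():
        print(f"{check}: {'accepted' if accepted else 'rejected'}")
```

Only the rewritten unkeyed digest is accepted, which is why a bare hash protects integrity only when it is stored where the data's modifier cannot reach it.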


Denial of Service Attack
A denial of service attack, or distributed denial of service attack, is an attempt to make computer resources unavailable to their intended users. Such attacks are often aimed at internet sites or web resources, either to impair their functionality or to stop the web resource from operating at all. Attackers mainly target websites hosted on high-profile servers, such as those of banks, institutes or root servers.
The first step in a DoS attack is sending so much traffic to the resource that it cannot handle it, resulting in a server that does not respond, or responds slowly, to the desired user. You might have noticed that when you register at some site or download something from the internet you are asked to enter a code written in a picture (CAPTCHA); this prevents bots (scripts coded to repeatedly mail or register at the site) from increasing the web traffic.
It is considered a violation of the Internet Proper Use Policy.
Method of Attack (http://en.wikipedia.org/wiki/Denial-of-service_attack)
A DoS attack can be perpetrated in a number of ways. The five basic types of attack are:
1. Consumption of computational resources, such as bandwidth, disk space, or processor time.
2. Disruption of configuration information, such as routing information.
3. Disruption of state information, such as unsolicited resetting of TCP sessions.
4. Disruption of physical network components.
5. Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
A DoS attack may include execution of malware intended to:
1. Max out the processor's usage, preventing any work from occurring.
2. Trigger errors in the microcode of the machine.
3. Trigger errors in the sequencing of instructions, so as to force the computer into an unstable state or lock-up.
5. Crash the operating system itself.


