Are Home Computers are Safe?

This document is intended to prescribe basic guidelines to the home computer users working with computer systems running Windows Operating System. The basic purpose of this document is to create awareness about computer security issues among home computer users and suggest them the tasks to be performed to secure their computer systems to protect their information assets.

Why Home Computers?
Home computers are typically not very secure and are easy to break-in. When combined with high-speed Internet connections that are always turned on, intruders can quickly find and then attack home computers. While intruders also attack home computers connected to the Internet through dial-in connections, high-speed connections (cable modems and DSL modems) are a favorite target. There may not be important data stored on the home computers but they are targeted by the intruders for launching attack against other computer systems.

How attackers do it?
In general, attack vectors which attackers use are:

• Through E-mail
• Through Un-trusted Websites
• Through Internet Shares

In some cases, they send email with a virus. Reading that email activates the virus, creating an opening that intruders use to enter or access the computer. In other cases, they take advantage of a flaw or weakness in one of the computer program’s vulnerability to gain access. Once they’re on the computer, they often install new programs that let them continue to use the computer even after user plug the holes they used to get onto user’s computer in the first place. These are known as “backdoors” and are usually cleverly disguised so that they blend in with the other programs running on user’s computer.

What is Information Security?

Information security can be explained by the help of following example. If company sells bottled water purified using the process of reverse osmosis, the process is well known, and therefore it does not make good business sense for management to protect that information. However, if that company has a revolutionary process that cuts the cost and time for water purification in half, it would make sense to secure that information. There is a limit to the value of implementing protection so user must combine his knowledge of value, threats, vulnerabilities, and risks to put together a feasible plan.

Information security involves the measures and controls that ensure confidentiality, integrity, and availability
of the information processed by and stored in a computer or system.

Confidentiality: Ensures that information is accessed only by authorized personnel.
Integrity: Ensures that information is modified only by authorized personnel.
Availability: Ensures that information and systems can be accessed when needed by authorized personnel.

This practice include policies, procedures, hardware and software tools necessary to protect the computer systems and the information processed, stored, and transmitted by the systems.

When the user combines efforts to provide data confidentiality, data integrity, and data availability with physical security, then he can provide a very effective security solution.

Threats to home computers

A threat, for information security, is any activity that represents possible danger to user’s information.

Intruders want the information stored by the users which are personal and sensitive, such as credit card numbers, PINs, passwords etc. By stealing this information the malicious intruders commonly referred to
hackers may gain financially. The intruders also use the resources of the compromised systems for their own purposes and for attacking other computer systems connected to the Internet. Recent trends in computer security threats show that the attackers are compromising the home computers and installing malicious code such as Bots in these systems, which may then be used as Zombies to further launch large scale attacks on critical information systems. This type of attack is known as Distributed Denial of Service (DDOS).

Vulnerabilities in home computer
A vulnerability is a weakness in user’s information security that could be exploited by a threat; that is, a weakness in user’s system and network security, processes, and procedures.

Computer vulnerability is flaw in the computer system. Which when exploited allows intruder to compromise the system’s integrity. The common types of vulnerabilities are logical errors in operating system or applications due to poor coding techniques, allowing intruder to exploit them and giving him heightened access to the user’s computer. Various security tools are available to secure the system like firewalls etc. These tools provide excellent security mechanism but having flaw in design that could lead to security breach. The term “security through obscurity” fits into this arena, being the system is secure because nobody can see hidden elements. All types of file encryption come under this category. By means of encrypting the data an additional layer of protection is being added to the computer system. In case a system is compromised, the critical data is still protected by encryption. And the intruder may not be able to steal the information from the hacked system.