During the past few decades, there has been significant interest in malicious computer programs. As the number of these programs keeps increasing, efficient software solutions are needed to protect the enterprise from other living software without requiring excessive user intervention. This chapter discusses malware definition and classification. It describes the ways that major classes of malware (e.g., viruses, worms, and Trojans) are built and propagated. Finally, it discusses the protection measures that an enterprise needs to develop to protect against the damage caused by such malware, and develops a non-exhaustive set of guidelines to be followed.
Introduction to malware
Malicious software, often referred to as malware, is defined as a program or part of a program that executes unauthorized commands, generally with some malicious intention. Types of malware can be classified based on how they execute their malicious actions and propagate themselves. Viruses, worms, Trojan horses, and backdoors are the major examples of malware (Garetto et al., 2003). Other malware related terms include malcode and malware payload. Malcode refers to the programming code that contains the malware logic, while the malware payload represents the malicious action it is designed to realize (Briesemeister et al., 2003; Anagnostakis et al., 2003).
Malware can damage the host on which it is running by corrupting files and programs or over-consuming resources. Typically, the malware does this while avoiding the complete devastation of the host, because a system failure would prevent the malware from propagating further.
This chapter deals with virtual private networks (VPNs), which have become more and more important for all kinds of businesses with a wide spectrum of applications and configurations. This chapter presents the basics and techniques of virtual private networks. We also review VPN services that include Intranet, Extranet and Remote Access VPNs. Security concerns that arise when transmitting data over shared networks using VPN technology are also addressed in detail. The fundamental VPN models, namely the peer and the overlay model are treated as well. The protocols employed in VPNs such as PPTP and L2TP as well as security aspects are also discussed. It is expected that VPNs will be in a position to support a set of QoS levels. We treat this subject in a dedicated section. We conclude this chapter by summarizing the main advantages and challenges of VPNs.
Introduction
A Virtual Private Network (VPN) is a private network connecting different sites or corporate offices by using public telecommunication infrastructure (Internet) using encryption and tunneling protocol procedures for secured and reliable connectivity. One other definition states that a VPN is a private data network that makes use of the public telecommunications, maintaining privacy through the use of tunneling protocol and security procedures. Others have defined a virtual private network as a network that allows two or more private networks to be connected over a publicly accessed network (Papadimitriou et al., 2004; Metz, 2003; Ferguson and Huston, 1998; Hunt and Rodgers, 2004; Arora et al., 2001).
Intrusion detection systems analyze e-based computer and network systems and user operations in search of activity considered undesirable from a security point of view. Because of the complicated structures of attacks, data sources for intrusion detection may include audit information, network traffic, application logs or data collected from file system alteration monitors. Generated alerts are correlated in order to reduce the number of false alarms, efficiently detect multi-action attacks, and propose responses to intrusions.
Introduction
Intrusion detection is the process designed to monitor, analyze, and correlate the information events that occur in a network or a computer system, in order to detect malicious computer and network activities, find signs of intrusions and trigger (or propose) immediate responses to protect the system under monitoring. An intrusion is defined as an attempt to compromise the confidentiality, integrity, or availability of a system or to go around the security mechanisms of the system. An intrusion is performed by an adversary accessing the system remotely, an authorized user trying to gain additional privileges that they are not allowed to have, or an authorized user misusing the privileges they are granted. Intrusion detection allows enterprises to defend their information systems against threats.
Although current intrusion detection technologies cannot provide complete protection against attacks, they enhance the protection capabilities of enterprises and complete the myriad of security solutions. Intrusion detection products, however, are different from other security products.
Governments worldwide have dedicated efforts to delivering their services in ways that meet the needs of the businesses and citizens they serve, in order to enable them to interact securely in places and at times that are convenient to them. It is commonly agreed that bringing trust and confidence is essential to increase the uptake of e-government services. This chapter provides key support to service providers wishing to provide e-government services in a trusted manner. It lays the foundations for enabling secure services that will really transform the way citizens and businesses interact with government.
Introduction
E-government aims to provide a non-stop government information service. The goal is to create a friendly, easy-to-use tool for the public and businesses to locate information and use services made available on the net by government agencies. It aims to provide a large spectrum of public information, authorize greater and better access to this information, and give more convenience to government services. E-government projects were started in the mid-1990s in various countries. Each country has assigned its own project with varying focuses, applications, and security mechanisms. Nowadays, some of these projects are in their operational phase, while others are still in the design or prototyping phases. However, as computer power is growing cheaper and computer networks are becoming larger and more efficient, many threats against e-government have been observed lately. Threats unfortunately tend to reduce the efficiency of e-government and limit its promises.
The Internet is growing to be the major means through which the services can be delivered electronically to businesses and customers. Today, the current developments in service provision through communication networks are moving from tightly joined systems towards services of loosely linked and dynamically bound components. The evolution in this category of applications is represented by a new paradigm, the so-called e-service, for which project developers and service providers are encouraging the definition of techniques, design of methods, and construction of tools as well as infrastructures for supporting the design, development, and operation of e-services and e-government systems. The development of e-services can increase the business opportunity for making available value-added e-services by: composing existing e-services (which may be supplied by different providers), customizing and updating e-services, or creating them from formal specifications.
Service composition appears to be an important issue that can provide a competitive advantage for organizations since they can reduce the needed effort and increase the efficiency of e-services to build. Recently, many e-services have been made publicly accessible and therefore are offered in an unsecured manner. However, some among these e-services will need to use encrypted communications and authentication services. To provide security mechanisms for the operation of e-services at a low level granularity, it is important to define: (a) how the e-services authenticate customers in a reasonable fashion; (b) how e-services' standards address the problem of securing the assets in offering e-services; and (c) how cryptographic elements are managed and distributed.
This chapter considers the techniques developed to provide assurance that the identity of a user is as declared and that a transmitted message has not been changed after its signature. This prevents impersonation and maintains message integrity. Weak authentication and strong authentication schemes are addressed and the most common authentication services are also elaborated on in this chapter.
Introduction
As stated in the previous chapters, entity authentication can be defined as the process through which the identity of an entity (such as an individual, a computer, an application, or a network) is demonstrated. Authentication involves two parties, a prover (called also claimant) and a verifier (called also recipient). The prover presents its identity and a proof of that identity. The verifier ensures that the prover is, in fact, who he/she claims to be by checking the proof. Authentication is distinct from identification, which aims at determining whether an individual is known to the system. It is also different from authorization, which can be defined as the process of granting the user access to specific system resources based on his/her profile and the local/global policy controlling the resource access. In the following sections, however, we will use the terms identification and authorization to designate the same concept.
Message authentication, on the other hand, provides the assurance that a message has not been modified during its transmission.
The use of communication technologies has become a crucial factor that is able to considerably improve and affect the productivity of an organization. The need to secure information systems and networked infrastructures is now commonplace in most enterprises. This is essentially due to the importance of the information transmitted across communication networks and stored in networked servers. As a consequence, strong links are being built between security and the enterprise business activity and various tools have been made available for enterprises. These tools include, but are not limited to, filters and firewalls, intrusion detection systems, anti-malicious software systems, virtual private networks and risk management systems.
Intrusion detection systems analyze system and user operations in computer and network platforms in search for an activity that can be considered undesirable from a security point of view. Because of the complicated structures of attacks, data sources for intrusion detection include audit information, network traffic, application logs, and data collected from monitors controlling system behavior. Generated alerts are correlated in order to reduce the number of false alarms, detect efficiently multi-action attacks, and propose responses to the detected intrusions. On the other hand, risk management, which is the discipline that deals with the determination of vulnerabilities and threats, is an important aspect in securing enterprises. It integrates a list of architectures, techniques, and models to evaluate properly whether a current state of an enterprise is encountering threats.
The use of communication technologies to conduct business has become a crucial factor that can significantly increase productivity. The need to secure information systems and networked infrastructures is now a common preoccupation in most enterprises. As a result, strong links are being established between security issues, communication technologies, an enterprise's security policy, and an enterprise's business activity. Risk management has become an important procedure for any enterprise that relies on the Internet and e-means in its daily work. Risk management determines the threats and vulnerabilities of any e-based system. It also integrates architectures, techniques, and models. This chapter attempts to deal with all of the above concepts and techniques.
Introduction
The development of information and communication technologies, especially the Internet, has prompted enterprises to redesign their communication infrastructure in order to benefit from this visibility factor and re-engineer their business processes by implementing projects online, managing virtual enterprises, and externalizing their activities. Renovation and ICT use have contributed significantly to the success of many companies. Nevertheless, the current growth of digital attacks has caused decision makers in enterprises to doubt their confidence in information technology. In fact, security incidents that occurred recently (as discussed in the previous chapters) have emphasized three important facts: (a) computer network attacks can cause huge damage to business activity, (b) many of the attacked enterprises had active security infrastructures at the moment the security incident occurred, and (c) security infrastructure costs vary highly from one enterprise to the other based on the security policy adopted and the nature of the activity performed by the enterprise.
Security of e-based systems and computer networks has become an important issue recently due to the increased dependence of organizations and people on such systems. The risk of accessing an e-commerce, or e-government system or Web site ranges from invasion of privacy and loss of money to exposing national security information and catastrophe. E-security solutions aim to provide five important services: authentication of users and actors, integrity, confidentiality of communication, availability of business services and non-repudiation of transactions. Most e-security solutions that are provided by the literature use two main cryptographic techniques: public key cryptosystems and digital signatures. Efficient solutions also should be compliant with the national legal framework.
Billions of dollars are being invested in computer networks and e-systems; therefore, securing them is vital to their proper operation as well as to the future of organizations and companies and to national security. Due to the difficulties in securing the different platforms of e-systems, and the increasing demand for better security and cost-effective systems, the area of e-system and network security is an extremely rich field for research, development and investment. Security of e-systems provides in-depth coverage of the wide range of e-system security aspects including techniques, applications, trends, challenges, etc.
This book is the first book that is dedicated entirely to security of e-systems and networks. It consists of four main parts with a total of 14 chapters.
Chapter 1 describes the importance of system security and presents some relevant concepts in network security and subscribers' protection.
Security of wireless networks has become an important issue recently due to the increased dependence of individuals and organizations on these systems in their daily life. The goal of this chapter is to present the major trends and techniques in the security of wireless local area networks as well as to review the needs for securing access to such systems, since any breach of such systems may entail loss of money, risk to the secrets of companies and organizations, as well as to national security information. We will review the types of attacks on wireless networks. One section is dedicated to the review of the services of any reliable security system, which include confidentiality, non-repudiation, authentication, access control, integrity, and availability. We will also shed some light on the chief aspects of the Wired Equivalent Privacy (WEP) Protocol and security aspects of mobile IP. The major weakness of the WEP protocol will be investigated. Then, we will review the features of the newly devised WPA protocols that proved to have superior security characteristics. Finally, we shed some light on Virtual Private Networks as related to wireless LAN security.
Introduction and rationale
The growth of Wireless Local Area Networks (WLANs) since the mid-1980s was triggered by the US Federal Communications Commission (FCC) determination to authorize the public use of the Industrial, Scientific and Medical (ISM) bands. This decision abolished the need for companies and end users to obtain FCC licenses in order to operate their wireless products.
Trust management is a major component in the security of e-services. Issues in trust management include: (a) expressing security policies and security credentials; (b) ascertaining whether a given set of credentials conforms to the relevant policies; and (c) delegating trust to third parties under relevant conditions. Various trust management systems have been developed to support security of networked applications. Unfortunately, these systems address only limited issues of the trust management activity, and often provide their services in a way that is appropriate to only special applications. In this chapter, we present a comprehensive approach to trust management, consider the major techniques and functionalities of a trust management system, and describe three well-known trust management systems.
Introduction
Recent advances in Internet computing, paired with the increase in network resources and end-node processing capabilities, have led to the growing need of organizations and administrations to use large Intranets to connect their offices, branches, and information systems. They also pushed for the development of e-services for the need of their customers. All the emerging applications and e-services have different notions of the concept of resource. They share one thing in common: the need to grant or restrict access to their resources according to the security policy appropriate to that e-service.
Resources handled by e-services are of different types. While a clinical information system considers that a resource is a patient's record, a banking payment system considers accounts and money as the major resources to manage (Guemara-ElFatmi et al., 2004).
The Internet is dramatically changing the way that goods (tangible and intangible) and services are produced, delivered, sold, and purchased. Due to this development, trade on the Web becomes an essential requirement for enterprises. From e-commerce to m-commerce, which has become a major service nowadays, every enterprise works hard to find out a way to sell and buy that can satisfy its requirements. Several payment protocols have been developed. The security of servers, transactions, and payment operations has become a major issue for the success of business on the Internet.
Introduction
E-commerce security has become a serious concern for enterprises and citizens who rely on distributed digital processing in their daily operations. From a customer's perspective, the purpose of an e-commerce system is to enable the customer to locate and purchase a desired good (tangible or intangible) or service over the Internet when he/she is interested in getting it. Its function is to provide a virtual store. From a merchant's perspective, the key function of an e-commerce system is to generate higher revenues than the merchant would achieve without the system. To this end, the e-commerce system must recreate or utilize existing data and business processes and provide other processes to facilitate electronic purchase and provide product information, inventory systems, customer service, and transaction capabilities including credit authorization, tax computation, financial settlement, as well as delivery. Additional functions of an e-commerce system are to help redefine and enhance an enterprise's capability, customer-service capability, and delivery effectiveness.
The use of multiple antennas at the transmitter and receiver in wireless systems, popularly known as MIMO (multiple-input multiple-output) technology, has rapidly gained in popularity over the past decade due to its powerful performance-enhancing capabilities. Communication in wireless channels is impaired predominantly by multi-path fading. Multi-path is the arrival of the transmitted signal at an intended receiver through differing angles and/or differing time delays and/or differing frequency (i.e., Doppler) shifts due to the scattering of electromagnetic waves in the environment. Consequently, the received signal power fluctuates in space (due to angle spread) and/or frequency (due to delay spread) and/or time (due to Doppler spread) through the random superposition of the impinging multi-path components. This random fluctuation in signal level, known as fading, can severely affect the quality and reliability of wireless communication. Additionally, the constraints posed by limited power and scarce frequency bandwidth make the task of designing high data rate, high reliability wireless communication systems extremely challenging.
MIMO technology constitutes a breakthrough in wireless communication system design. The technology offers a number of benefits that help meet the challenges posed by both the impairments in the wireless channel as well as resource constraints. In addition to the time and frequency dimensions that are exploited in conventional single-antenna (single-input single-output) wireless systems, the leverages of MIMO are realized by exploiting the spatial dimension (provided by the multiple antennas at the transmitter and the receiver).