Systems Security
1.2 Security Risks for Hardware and Peripheral Devices
When it comes to security for hardware and peripherals, there is a multi-layer necessity that has to be in place. Without these layers of protection to safe-keep data and other information, the security of a computer and even an entire network can be put at risk. For the 1.2 section of the test, you’ll want to be aware of these risks.BIOS (basic input/output system) – BIOS is the software/firmware installed on a hard drive’s EEPROM. Once booted, BIOS will initiate most of the hardware components such as the video card, sound card, optical drive, and so on. BIOS attacks are extremely popular and have been for some time because of the amount of ‘power’ that BIOS has. These attacks are also popular because is it rare that many people take the time to monitor and/or secure the BIOS. BIOS can be exploited manually as well as through malicious code sent to infect it.
Cell phones – The amount of things you can do with a cell phone continues to grow and more of the most recent advances are focused on interaction with the internet; just think of the iPhone. Because of this, cell phones are becoming a huge threat to security. Not only can cell phones be used to transport malicious code and/or confidential data, they can be used to obtain personal information. The other problem comes about when the cell phone is used as a USB device.
USB devices – Almost all people who have some sort of need to use a computer own a USB device. Most portable devices nowadays, including video cameras, cell phones, digital cameras, and others all connect to the computer through the USB port. Even though this method is extremely convenient and easy for the user, these devices pose a huge security threat. For one, most computers built recently can be booted off of a USB. This gives the user the chance to boot using another OS which then overrides the originally installed OS. Also, USB devices can be used to leak sensitive information as well as to place malicious code onto a hard drive.
Removable storage – Removal storage is another convenient yet security-compromising tool. These devices include smartcards, flashcards, CD-Rs, DVD-Rs, and so on. For the same reasons as mentioned, removable storage is dangerous because it can be used to share confidential data as well as to infect a computer through malicious code.
Network attached storage – Network attached storage is connected directly to the LAN that is used as a means to store network files without a dedicated file server. Think of this type of storage as a ‘smarter’ hard drive with the ability to communicate with the network. The problem with NAS is that rogue users can exploit the device and gain all sorts of information that may be highly confidential. Malicious code and data corruption are possible as well.
Security risks will always be alive and well as long as we have computers, the internet, and people who are unwilling or uneducated on securing their hardware and peripherals. However, these risks are taken much more seriously now. In 2008, the Department of Defense as well as certain military institutions banned the use of USB devices on government-owned computers. The ban was put in place after several computers were infected with the Agent.btz. Virus and the SillyFDCWorm. In May of 2010, Threats Report: First Quarter 2010 reported that the biggest thread was a worm that infected a computer and any USB devices that would be connected to it.
No comments:
Post a Comment