COMMAND LINE TO ADDRESS SECURITY ISSUES

How to Use Command Line to Address Security Issues in Windows Operating Systems

How to Use Command Line to Address Security Issues in Windows Operating Systems

Computer security is a paradoxical term. The vast network of networks known as the Internet is complex, and it is open. As many have observed, without those two characteristics in place, there is no Internet. But with both present, there can be no perfect security, especially since there are many people on the Internet who have an interest in exploiting its weaknesses for simple amusement, for criminal purposes, or even for waging war.

Computer security threats take several forms. First, there are hackers, computer-savvy individuals using their skills to break into computer networks to steal or alter data, or simply to experience the thrill of virtual cat-burglary. Next, there are viruses, destructive programs designed to attach to system files or other handy files in a computer; a virus lies dormant until the file is accessed, and then executes its destructive functions. Third, there are worms, powerful programs that usually gain access to computers through the Internet—often through email, sometimes by Web browsing. Many operate autonomously, but some, like the famous Internet Relay Chat-based PrettyPark worm, are executed only on the command of a hacker. Once worms infect a terminal, they usually seek other computers on the Internet to infect. Some worms, like the email-driven Code Red, have been known to cause many millions of dollars in damage, especially to corporations experiencing expensive down time and the destruction of valuable equipment and data.

One characteristic of the intruder community as a whole is its communication. There are electronic newsgroups and print publications on the latest intrusion techniques, as well as conferences on the topic. Intruders identify and publicize misconfigured systems; they use those systems to exchange pirated software, credit card numbers, exploitation programs, and the identity of sites that have been compromised, including account names and passwords. By sharing knowledge and easy-to-use software tools, successful intruders increase their number and their impact.

Incident Trends

In the late 1980s and early 1990s, the typical intrusion was fairly straightforward. Intruders most often exploited relatively simple weaknesses, such as poor passwords and misconfigured systems, which allowed greater, access to the system than was intended. Once on a system, the intruders exploited one or another well known, but usually unfixed, vulnerability to gain privileged access, enabling them to use the system as they wished.

There was little need to be more sophisticated because these simple techniques were effective. Vendors delivered systems with default settings that made it easy to break into systems. Configuring systems in a secure manner was not straightforward, and many system administrators did not have the time, expertise, or tools to monitor their systems adequately for intruder activity.

Unfortunately, all these activities continue in 1996; however, more sophisticated intrusions are now common. In eight years of operation, the CERT Coordination Center has seen intruders demonstrate increased technical knowledge, develop new ways to exploit system vulnerabilities, and create software tools ...