Monthly Archives: March 2016

What is Cyber Insurance

The use of the Internet and information technology has helped small and large businesses to a great extent. It has made their work a lot easier than it was a few years ago. Even though companies are reaping the benefits, they are exposed to many associated risks. The greatest loss to any business is the loss of valuable information. According to research conducted by the Ponemon Institute, 85% of business organizations have suffered losses due to a breach in data security. Furthermore, a survey conducted by the FBI suggests that 64% of companies suffered huge monetary losses because of hackers in the year 2005. This is why businesses have now realized the importance of cyber insurance and have started making use of it.

The Product
It is a product like any other insurance policy, bought by businesses to protect themselves from the risks involved with the Internet and information technology. Such risks are not covered under commercial liability policies, which is why the need for such insurance arises. It provides cover for losses due to hacking, denial of service attacks, destruction or loss of data, etc. Protective measures like anti-spam systems, virus protection, etc., fail at some point in time, as they are not 100% foolproof. After a security breach, businesses need to restore their information systems, clean up infected files, etc., and so they cannot carry on their business for quite some time. All this calls for a lot of expenditure at a time when they are not making money. In such instances, this coverage helps them take care of their financial needs.

Coverage Offered
This insurance product provides coverage for liabilities that might arise due to web content and media, private and secure customer information, threats against computer systems and websites, business interruption, and recovery of information technology infrastructure. Any loss or financial expenditure occurring due to these events is covered under the policy, and a claim can be made to make up the losses.

Associated Benefits
The first and most important benefit of cyber insurance is that, in case of a security breach, it acts as a funding resource to cover the losses and bring businesses back to normal working, without the need for government assistance. Secondly, it evenly distributes the risks among companies by charging high premiums to the ones with a higher risk of such incidents, while charging less to businesses with little risk. Lastly, it indirectly encourages businesses to adopt good security measures like tracking website visitors, etc., because companies with poor security systems need to pay higher premiums.

Associated Problems
Despite the benefits, there are some problems associated with this kind of insurance. One is that insurance companies do not have sufficient actuarial data, as this product was only recently developed by the insurance industry. Because of this, insurers cannot reliably estimate the premium that must be charged so that, in case of an event, the insurer has enough funds for claim settlement. Secondly, insurers fear “cyber-hurricanes”. This is a term used for situations in which an excessive number of claims arise due to a security breach. Such situations are difficult for the insurer to manage and may drain it completely.

Premium Charged
Like other insurance products, the premium charged depends on the coverage amount and the risks involved. Typically, for $1 million coverage, the premium charged is $3,500 with a deductible of $5,000. This amount is not fixed and may vary depending on the insurer and the time of issuance of the policy. The premium charged is higher for businesses with relatively poor security measures than for the ones that are better equipped.

No matter how stringent a company’s security measures are, it always faces some kind of threat. To save themselves from a financial crunch during such untoward situations, many companies are now opting for cyber insurance. It is true that this product is a costly affair nowadays, but it will gradually become simpler and cheaper as more and more insurance companies start offering it in the market.


How to Prevent Email Bombing

Email bombing is the process of sending a large number of mails to someone’s mailbox, with the intent of affecting the operating system of a computer or a network. It is also termed email flooding, as the targeted mailbox is flooded with a barrage of mails. When your mailbox is flooded with unwanted and junk emails, its capacity is exhausted and you cannot receive any further mails. This prevents you from reading legitimate mails. It can even be used to completely overload a company’s mail server. It is done intentionally, with the intent of affecting the DOS (Disk Operating System) of a computer.

The intensity of email bombing can also result in crashing of the operating system and the mail servers. It has the capacity to consume the whole system. Limiting each user's quota to a certain capacity can help to restrict the overflow. The hacker aims to shut down the website of a victim by sending email bombs. The first known incident of email bombing was carried out by Tamil guerrilla groups against the Sri Lankan government. Tamil guerrillas swamped the systems of Sri Lankan embassies with an email containing the message “We are the Internet Black Tigers and we’re doing this to disrupt your communications”.

Causes of Email Bombing

Overloading of the network connection
Loss of connectivity
Denial of service
Consumption of all system resources
Syslog entries

Preventive Measures

Use Proxy Servers
If the email bombs are coming in from many IP addresses, it is difficult to mark as spam and filter each and every mail from those addresses. In this case, employing proxy servers will help to minimize the problem. The computers in a particular network are connected to a proxy server, which is another computer. The client computers send their requests for information and resources on other computers to the proxy server. The proxy server handles the request and sends back the information after filtering the messages according to the filtering rules of the proxy. It checks for malware content and filters out messages from suspicious IP addresses and protocols before passing them to its clients. In this way, proxy servers protect the network and also take on the complexity of the computer networks.

Monitor Simple Mail Transfer Protocol
Simple Mail Transfer Protocol (SMTP) is a method of authenticating the exchange of messages that are transmitted or received across the Internet protocols. The clients in the network use the Post Office Protocol (POP) or the Internet Message Access Protocol (IMAP) on their system to access their mailbox. The Mail Submission Agent sends a mail or transfers any information to the Mail Transfer Agent (MTA) through SMTP. The MTA connects over SMTP, analyzes the mail exchange record and the IP address of the sender, and only then accepts the message. Security mechanisms such as authentication and negotiation are processed during the exchange of data. The Internet Engineering Task Force (IETF) is working on the authentication process and finding ways to strengthen this system, as the complexity of the system is growing rapidly.

Use Mail Filter Applications
Filter packages are exclusionary schemes that are used to filter mails according to their source addresses. For Windows and Mac OS computers, I have listed some filter package tools below.

Mail Siphon (Mac OS)
Musashi (Mac OS)
Email Chomper (Windows 95/85/NT)
Spam Buster (Windows 9x/ ME/ NT/ XP/ 2000)
SpamKiller (Windows 9x/ ME/ NT/ XP/ 2000)

What Can You Do Against Email Bombing?

Identification: If your system becomes sluggish or if you are not able to send or receive mails, it could be because your mailer is trying to process a large number of mails.
If you find an email bomb, configure your router using your Network Service Provider, after identifying its source.
Update the current version of your email delivery software.
Marking the emails as spam may also help to some extent. But it is never the permanent solution.
Prevention: Configure your mail handling system and firewall properly. Most importantly, don’t propagate the problem by replying to the spammed mails.
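
The identification step above, as an added example that is not part of the original article: a Python script that scans mail-server delivery records for a mailbox receiving an abnormal burst and lists the source addresses behind it, so they can be filtered or reported to the postmaster. The log format, addresses, and thresholds are constructed for illustration, and records are assumed to be in time order.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical one-line-per-delivery log format, assumed for this example.
LINE_RE = re.compile(r"^(?P<ts>\S+) accept from=(?P<ip>\S+) rcpt=(?P<rcpt>\S+)$")


def build_sample_log():
    """Constructed sample: ordinary traffic plus a burst aimed at one mailbox."""
    base = datetime(2016, 3, 1, 10, 0, 0)
    later = base + timedelta(minutes=5)
    lines = [
        f"{base.isoformat()} accept from=192.0.2.10 rcpt=bob@example.org",
        f"{later.isoformat()} accept from=192.0.2.11 rcpt=alice@example.org",
        "a malformed line that the parser must skip",
    ]
    sources = ["198.51.100.7", "198.51.100.8", "203.0.113.9"]
    for i in range(40):  # 40 messages in 40 seconds, spread over three sources
        ts = base + timedelta(minutes=10, seconds=i)
        lines.append(
            f"{ts.isoformat()} accept from={sources[i % 3]} rcpt=alice@example.org"
        )
    return lines


def find_floods(lines, window=timedelta(seconds=60), max_msgs=20):
    """Return {recipient: Counter(source -> messages)} for flooded mailboxes.

    A mailbox is flagged when more than max_msgs messages arrive within one
    sliding window. Counting per recipient rather than per sender catches a
    flood that is spread over many source addresses.
    """
    recent = defaultdict(deque)  # recipient -> (time, line no., source) in window
    burst = defaultdict(dict)    # recipient -> {line no.: source} seen in a burst
    for n, line in enumerate(lines):
        m = LINE_RE.match(line)
        if not m:
            continue             # not a delivery record
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["rcpt"]]
        q.append((ts, n, m["ip"]))
        while ts - q[0][0] > window:
            q.popleft()          # drop deliveries older than the window
        if len(q) > max_msgs:
            burst[m["rcpt"]].update({k: ip for _, k, ip in q})
    return {rcpt: Counter(seen.values()) for rcpt, seen in burst.items()}


if __name__ == "__main__":
    for rcpt, sources in find_floods(build_sample_log()).items():
        print(rcpt, sources.most_common())
```
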

Examples of Email Bombs and their Filenames

This list won’t help you prevent email bombers from attacking your computers, but if you are running a network with multiple users, you can check for these filenames on the hard disk drives of your network and thereby prevent your users from attacking other computers by email bombing. Take a look at the list.

Email Bomb Filename
Gatemail gatemail.c
Ghost Mail
The Windows Email Bomber
Unix Mailbomber mailbomb.c
The Unabomber,
Up Yours,
Serpent (Linux)

Identifying the IP address from which the email bomb is received and directly contacting the postmaster is also an effective way to prevent it. Email bombs can also cause mail servers to malfunction and result in denial of service. One such case occurred when a hacker bombed the systems at Monmouth University in New Jersey, which caused a temporary halt of the whole mail server.

There are many instances of email bombing, one of which even affected the NATO computers in the year 1988. The whole network of the Institute of Global Communications (IGC) was attacked by email bombers for hosting the online publication of the Euskal Herria journal, which supported and wrote about the Basque separatist movement, very active at the time. One thing to keep in mind is that these are just preventive measures. There is no permanent solution for completely getting rid of email bombs.


Internet Security

Internet security is a term that refers to methods aimed at protecting data and personal information from unauthorized access. Considering the worldwide usage of the Internet, security on this platform is an important issue. Netizens need to be well aware of the problems associated with online security.

Internet Security Measures

Here’s an overview of the most important security measures and technologies widely implemented over the Internet. Implementing one or more of these methods will go a long way in securing your data online.

Data Encryption: Encryption is wrapping up or converting the original information into an unintelligible form that can only be decoded using a certain method. The encrypted form is called cipher text.

Password Usage: Passwords are used to prevent illegal access to networks and so secure the system as a whole. Passwords should be constructed in such a way that other people cannot easily guess them. Alphanumeric passwords with symbols used in between can be harder to crack.

Firewalls: A firewall is software that filters illegitimate access to a network. It should be properly configured and has to be combined with a proxy firewall to build a secure system.

Backing up Data: Regular data backup of a system is essential and can help retrieve data in the event of a system crash. If the computer suddenly crashes or the operating system fails to boot due to a virus attack, the data backup can really come in handy.

Using Antivirus Software: Computers may be affected by viruses, trojans, worms etc. due to some infected files downloaded from the Internet. These viruses are nothing but programs that install themselves and operate whenever the host programs run, causing malicious attacks.

The viruses either replicate or implement a function that affects the system files of the computer, leading to corruption of the operating system, in some cases. These viruses can be removed by using antivirus software that detects and removes them, to heal the system. These software programs run in the background, along with other programs to prevent malicious attacks.

Avoiding Baleful Links: People can prevent their system from getting affected by a virus, by avoiding clicking on unnecessary links, often mediated via emails and websites. Certain links may lead to file downloads unexpectedly. These pose a security risk to your computer, and hence should be avoided.

Routers with Encryption Facility: Using routers with in-built encryption technology can secure your wireless Internet connection and prevent snooping by external sources.

Preventing Spyware: Several software programs pose a threat to Internet security. The software that runs along with other applications, without the permission of a user, gathering information and sending it to hackers through the internet, is known as spyware. Another software called ad-ware works similar to spyware. In addition, it pops up advertisements during Internet access and increases the CPU cycles, slowing down the computer. Antivirus software, with inbuilt antispyware or adware removal functionality, can be of great help in preventing such intrusions.

Using antivirus software alone will not prevent the intrusion of viruses. Personal caution is also required while using the Internet. Unwanted sites and potentially harmful links have to be avoided. Automatic updates should be enabled for the antivirus software, so that it is up to date in terms of known virus threats. All this will greatly enhance the security level of your system.


Network Security Options

It is possible to divide network security into two general classes: methods used to protect data as it transits a network, and methods which control which packets may transit the network. While both drastically affect the traffic going to and from a site, their aims are quite different.

1. Transit Security
There are no systems in use which keep data secure as it transits a public network. There are a number of methods available to encrypt traffic between sites. Two general approaches are as follows:

Virtual Private Networks
A virtual private network (VPN) constructs a private network by using TCP/IP to support the lower levels of a second TCP/IP stack. In encapsulated form, IP traffic is sent across various forms of physical networks. Each system that attaches to the physical network implements a standard for sending IP messages over that link. Standards for IP packet transmission across various types of links exist, and the most common are Ethernet and Point-to-Point links. Once an IP packet is received, it is given to the higher layers of the TCP/IP stack for processing.

When a virtual private network is designed, the lowest levels of the TCP/IP protocol are built on top of an existing TCP/IP connection. There are a variety of ways to achieve this, which trade off abstraction against efficiency. This provides a benefit in terms of secure data transfer, as a VPN allows complete control over the physical layer. It is completely within the network designer’s power to encrypt the connection at the physical layer. When this is done, all traffic over the VPN is encrypted, whether it is at the application layer or at the lowest layers of the stack. The primary benefits of VPNs are that they offer private address space, and that they allow packet encryption or translation overhead to be handled on dedicated systems, reducing the load placed on production machines.

Packet Level Encryption
Another way is to encrypt traffic at a higher layer in the TCP/IP stack. Many methods exist for the secure authentication and encryption of Telnet and rlogin sessions, which are examples of encryption at the highest level of the stack (the application layer). The benefits of encrypting traffic at the higher layer are that the processor overhead of dealing with a VPN is avoided, compatibility with current applications is not affected, and it is much easier to compile a client program that supports application layer encryption than to build a VPN.

The above methods have a performance impact on hosts that implement the protocols, and on the networks that connect to those hosts. The easiest way of encapsulating or converting a packet into a new form requires CPU time and uses additional network capacity. Encryption is a CPU-intensive process, and encrypted packets need to be padded to uniform length to guarantee the robustness of some algorithms. Further, both methods have impacts on other areas that need to be considered before any choice is made as to which is best for a particular case.

2. Traffic Regulation
The most common form of network security on the Internet is traffic regulation. If packets which do something malicious to a remote host never get there, the remote host will remain unaffected. Traffic regulation offers a screen between hosts and remote sites. This happens at three basic areas: routers, firewalls, and hosts. Each offers similar service at different points in the network.

a. Router Traffic Regulation
Any traffic regulation that takes place on a router or terminal server is based on packet characteristics. This does not contain application gateways but does contain address translation.

b. Firewall Traffic Regulation
By applying gateways, traffic regulation or filtering is performed.

c. Host Traffic Regulation
Traffic regulation is performed at the destination of a packet. In traffic regulation, hosts are playing a smaller role with the advent of filtering routers and firewalls.

Filters and Access Lists
Regulating packet flow between two sites is a fairly simple concept on the surface. For any router or firewall, it isn’t difficult to decide simply not to forward all packets from a particular site. A few basic techniques are:

i. Restricting Access In but Not Out
All packets are sent to destination UDP or TCP sockets. Packets from remote hosts will attempt to reach one of the well-known ports. These ports are watched by applications which offer services, such as Mail Transfer, Delivery, Usenet News, time, Domain Name Service, and various login protocols. It is a simple matter for modern routers or firewalls to permit only these types of packets through to the specific machine that offers a given service. Attempts to send any other type of packet will not be allowed. This protects the internal hosts but still permits all packets to get out.

ii. The Problem of Returning Packets
Unless remote users use a secure, encrypting application such as S/Key they cannot log into your system. Using Telnet or FTP, users can connect to remote sites. Restrict remote connections to one type of packet, and permit any type of outgoing connection. Due to the nature of interactive protocols, they must consult a unique port number to use once a connection is established.

Modern routers and firewalls support the ability to dynamically open a small window for these packets to pass through, if packets have been recently transmitted from an internal host to the external host on the same port. This permits connections that are initiated internally to connect and denies external connection attempts unless they are desired.

iii. Dynamic Route Filters
When a particular set of circumstances occurs, a recent technique offers the ability to dynamically add entire sets of route filters for a remote site. Using these techniques, routers can automatically detect suspicious activity and deny a machine or an entire site access for a short time. In many cases, this will prevent any sort of automated attack on a site.

Filters and access lists take place on all three types of systems, although they are most common on routers.
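
The three techniques above (restricting access in but not out, the short window for returning packets, and dynamic filters), modelled in one added example that is not part of the original article. All addresses, ports, the 30-second window, and the three-denials ban rule are assumptions chosen for illustration, and the model simplifies what a real router or firewall does.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "time proto src sport dst dport")


class StatefulFilter:
    """Model of a filter that restricts inbound traffic but not outbound."""

    def __init__(self, internal_net, services, window=30.0, strikes=3, ban=300.0):
        self.net = ipaddress.ip_network(internal_net)
        self.services = services      # {(host, proto, port)} offered to outsiders
        self.window, self.strikes, self.ban = window, strikes, ban
        self.flows = {}               # outbound flow -> time it was last seen
        self.denied = {}              # external address -> denied packet count
        self.banned_until = {}        # external address -> time the ban ends

    def decide(self, p):
        if ipaddress.ip_address(p.src) in self.net:
            # Outbound: always permitted, and remembered so the reply can return.
            self.flows[(p.proto, p.src, p.sport, p.dst, p.dport)] = p.time
            return "allow"
        if self.banned_until.get(p.src, 0.0) > p.time:
            return "deny"             # dynamic filter still in force
        if (p.dst, p.proto, p.dport) in self.services:
            return "allow"            # well-known port on the host that serves it
        sent = self.flows.get((p.proto, p.dst, p.dport, p.src, p.sport))
        if sent is not None and p.time - sent <= self.window:
            return "allow"            # reply to a recent internal request
        # Anything else is refused; repeated refusals trigger a temporary ban.
        self.denied[p.src] = self.denied.get(p.src, 0) + 1
        if self.denied[p.src] >= self.strikes:
            self.banned_until[p.src] = p.time + self.ban
            self.denied[p.src] = 0
        return "deny"


def run_demo():
    """Constructed traffic: 10.0.0.25 is the only host offering a service."""
    fw = StatefulFilter("10.0.0.0/24", {("10.0.0.25", "tcp", 25)})
    packets = [
        Packet(0, "tcp", "203.0.113.5", 51000, "10.0.0.25", 25),    # mail in
        Packet(1, "tcp", "203.0.113.5", 51001, "10.0.0.8", 23),     # login attempt
        Packet(10, "tcp", "10.0.0.8", 40000, "198.51.100.20", 21),  # FTP out
        Packet(12, "tcp", "198.51.100.20", 21, "10.0.0.8", 40000),  # its reply
        Packet(100, "tcp", "198.51.100.20", 21, "10.0.0.8", 40000), # window over
        Packet(200, "tcp", "192.0.2.66", 50000, "10.0.0.8", 22),    # probe 1
        Packet(201, "tcp", "192.0.2.66", 50001, "10.0.0.8", 23),    # probe 2
        Packet(202, "tcp", "192.0.2.66", 50002, "10.0.0.8", 80),    # probe 3: ban
        Packet(203, "tcp", "192.0.2.66", 50003, "10.0.0.25", 25),   # during ban
        Packet(600, "tcp", "192.0.2.66", 50004, "10.0.0.25", 25),   # ban expired
    ]
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    print(run_demo())
```
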

There are two types of network security, transit security and traffic regulation, which when combined can help ensure that the right information is securely transported to the right place. It should be clear that there is also a requirement for ensuring that the hosts that receive the information will process it properly. This raises the entire specter of host security, a wide area which varies tremendously for each system. With the growth in the business use of the Internet, network security is rapidly becoming vital to the development of the Internet. Security will become an integral part of our day-to-day use of the Internet and other networks.