CSS Unit-1

This document provides an introduction to computer system security. It discusses the need for security due to threats like hacking, viruses, and online fraud. It then covers common security threats and attacks, security services like confidentiality, authentication, integrity, and access control. Finally, it discusses security mechanisms, which are tools used to implement security policies and services, including encryption, digital signatures, and access control.

Uploaded by

Aryan Dixit
Copyright: © All Rights Reserved

UNIT-1: COMPUTER SYSTEM SECURITY INTRODUCTION

Introduction:
This is the age of universal electronic connectivity, where activities like
hacking, viruses and electronic fraud are very common. Unless security measures are
taken, a network conversation or a distributed application can be compromised
easily.

Some simple examples are:

• Online purchases using a credit/debit card.
• A customer unknowingly being directed to a false website.
• A hacker sending a message to a person pretending to be someone else.

Network security has been affected by two major developments over the last
several decades. The first is the introduction of computers into organizations, and
the second is the introduction of distributed systems and the use of networks and
communication facilities for carrying data between users and computers. These two
developments led to ‘computer security’ and ‘network security’: computer security
deals with the collection of tools designed to protect data and to thwart hackers,
while network security measures are needed to protect data during transmission.
But keep in mind that it is the information, and our ability to access that
information, that we are really trying to protect, not the computers and networks.

Why We Need Computer System (Information) Security?

Because there are threats.

Threats
A threat is an object, person, or other entity that represents a constant danger to an
asset.

The 2007 CSI survey
• 494 computer security practitioners
• 46% suffered security incidents
• 29% reported to law enforcement
• Average annual loss $350,424
• 1/5 suffered targeted attack
• The source of the greatest financial losses?
• Most prevalent security problem
• Insider abuse of network access
• Email

Threat Categories
• Acts of human error or failure.
• Compromises to intellectual property.
• Deliberate acts of espionage or trespass
• Deliberate acts of information extortion
• Deliberate acts of sabotage or vandalism
• Deliberate acts of theft
• Deliberate software attack
• Forces of nature
• Deviations in quality of service
• Technical hardware failures or errors
• Technical software failures or errors
• Technological obsolescence

Computer Security - generic name for the collection of tools designed to protect
data and to thwart hackers.

Network Security - measures to protect data during their transmission.

Internet Security - measures to protect data during their transmission over a
collection of interconnected networks.

ASPECTS OF SECURITY

Consider 3 aspects of information security:


• Security Attack
• Security Mechanism
• Security Service

SECURITY ATTACK
Any action that compromises the security of information owned by an organization.
Information security is about how to prevent attacks or, failing that, to detect
attacks on information-based systems. The terms threat and attack are often used to
mean the same thing. There is a wide range of attacks; we can focus on generic types
of attacks:
• Passive
• Active

Passive Attack- This is when sensitive information is screened and monitored,
potentially compromising the security of enterprises and their customers.

Active Attack- This is when information is altered by a hacker or destroyed
entirely.

INTERRUPTION
An asset of the system is destroyed or becomes unavailable or unusable. It is an
attack on availability.

Examples:
• Destruction of some hardware
• Jamming wireless signals
• Disabling file management systems

INTERCEPTION
An unauthorized party gains access to an asset.
Attack on confidentiality.

Examples:
• Wire tapping to capture data in a network.
• Illicitly copying data or programs.
• Eavesdropping.

MODIFICATION
When an unauthorized party gains access to and tampers with an asset. Attack on
integrity.

Examples:
• Changing data file
• Altering a program and the contents of a message

FABRICATION
An unauthorized party inserts a counterfeit object into the system. Attack on
authenticity. Also called impersonation.

Examples:
• Hackers gaining access to a personal email and sending message
• Insertion of records in data files
• Insertion of spurious messages in a network

SECURITY SERVICES
It is a processing or communication service that is provided by a system to give a
specific kind of protection to system resources. Security services implement
security policies and are implemented by security mechanisms.

Confidentiality
Confidentiality is the protection of transmitted data from passive attacks. It is used
to prevent the disclosure of information to unauthorized individuals or systems. It
has been defined as “ensuring that information is accessible only to those
authorized to have access”. The other aspect of confidentiality is the protection of
traffic flow from analysis. Ex: A credit card number has to be secured during
online transaction.

Authentication
This service assures that a communication is authentic. For a single message
transmission, its function is to assure the recipient that the message is from
the intended source. For an ongoing interaction, two aspects are involved. First,
during connection initiation the service assures the authenticity of both parties.
Second, the connection between the two hosts is not interfered with in a way that
allows a third party to masquerade as one of the two parties. Two specific
authentication services defined in X.800 are:

Peer entity authentication: Verifies the identities of the peer entities involved in
communication. Provided for use at the time of connection establishment and during
data transmission. Provides confidence against a masquerade or a replay attack.

Data origin authentication: Assures the authenticity of the source of a data unit, but
does not provide protection against duplication or modification of data units.
Supports applications like electronic mail, where no prior interactions take place
between communicating entities.

Integrity
Integrity means that data cannot be modified without authorization. Like
confidentiality, it can be applied to a stream of messages, a single message or
selected fields within a message. Two types of integrity services are available.
They are:

Connection-Oriented Integrity Service: This service deals with a stream of
messages and assures that messages are received as sent, with no duplication,
insertion, modification, reordering or replays. Destruction of data is also covered
here. Hence, it attends to both message stream modification and denial of service.

Connectionless-Oriented Integrity Service: It deals with individual messages
regardless of larger context, providing protection against message modification
only.

An integrity service can be applied with or without recovery. Because it is related
to active attacks, the major concern will be detection rather than prevention. If a
violation is detected and the service reports it, either human intervention or
automated recovery machines are required to recover.

Non-repudiation
Non-repudiation prevents either sender or receiver from denying a transmitted
message. This capability is crucial to e-commerce. Without it an individual or
entity can deny that he, she or it is responsible for a transaction, therefore not
financially liable.

Access Control
This refers to the ability to control the level of access that individuals or entities
have to a network or system and how much information they can receive. It is the
ability to limit and control the access to host systems and applications via
communication links. For this, each entity trying to gain access must first be
identified or authenticated, so that access rights can be tailored to the individuals.

Availability
It is defined to be the property of a system or a system resource being accessible
and usable upon demand by an authorized system entity. Availability can
significantly be affected by a variety of attacks, some of which are amenable to
automated countermeasures, i.e. authentication and encryption, while others need
some sort of physical action to prevent or recover from loss of availability of
elements of a distributed system.

SECURITY MECHANISMS
According to X.800, the security mechanisms are divided into those implemented
in a specific protocol layer and those that are not specific to any particular protocol
layer or security service. X.800 also differentiates reversible and irreversible
encipherment mechanisms. A reversible encipherment mechanism is simply an
encryption algorithm that allows data to be encrypted and subsequently decrypted,
whereas irreversible encipherment includes hash algorithms and message
authentication codes used in digital signature and message authentication
applications.

Specific Security Mechanisms
Incorporated into the appropriate protocol layer in order to provide some of the
OSI security services:

Encipherment: It refers to the process of applying mathematical algorithms for
converting data into a form that is not intelligible. This depends on the algorithm
used and the encryption keys.

Digital Signature: The appended data or a cryptographic transformation applied to
any data unit, allowing the recipient to prove the source and integrity of the data
unit and protect against forgery.

Access Control: A variety of techniques used for enforcing access permissions to
the system resources.

Data Integrity: A variety of mechanisms used to assure the integrity of a data unit
or stream of data units.

Authentication Exchange: A mechanism intended to ensure the identity of an
entity by means of information exchange.

Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic
analysis attempts.

Routing Control: Enables selection of particular physically secure routes for
certain data and allows routing changes once a breach of security is suspected.

Notarization: The use of a trusted third party to assure certain properties of a data
exchange.

Pervasive Security Mechanisms
These are not specific to any particular OSI security service or protocol layer.

Trusted Functionality: That which is perceived to be correct with respect to some
criteria.

Security Level: The marking bound to a resource (which may be a data
unit) that names or designates the security attributes of that resource.

Event Detection: It is the process of detecting all the events related to network
security.

Security Audit Trail: Data collected and potentially used to facilitate a
security audit, which is an independent review and examination of system records
and activities.

Security Recovery: It deals with requests from mechanisms, such as event
handling and management functions, and takes recovery actions.

MODEL FOR NETWORK SECURITY

Data is transmitted over a network between two communicating parties, who must
cooperate for the exchange to take place. A logical information channel is
established by defining a route through the internet from source to destination and
by the use of communication protocols by the two parties. Whenever an opponent
presents a threat to the confidentiality or authenticity of information, security
aspects come into play. Two components are present in almost all security-providing
techniques:

• A security-related transformation on the information to be sent, making it
unreadable by the opponent, and the addition of a code based on the contents of the
message, used to verify the identity of the sender.
• Some secret information shared by the two principals and, it is hoped, unknown to
the opponent. An example is an encryption key used in conjunction with the
transformation to scramble the message before transmission and unscramble it on
reception.

A trusted third party may be needed to achieve secure transmission. It is
responsible for distributing the secret information to the two parties, while keeping
it away from any opponent. It also may be needed to settle disputes between the
two parties regarding authenticity of a message transmission.

The general model shows that there are four basic tasks in designing a particular
security service:
1. Design an algorithm for performing the security-related transformation. The
algorithm should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the
security algorithm and the secret information to achieve a particular security
service.

Various other threats to information systems, like unwanted access, still exist. The
existence of hackers attempting to penetrate systems accessible over a network
remains a concern. Another threat is the placement of some logic in a computer
system that affects various applications and utility programs. This inserted code
presents two kinds of threats:

Information access threats intercept or modify data on behalf of users who
should not have access to that data.

Service threats exploit service flaws in computers to inhibit use by legitimate
users.

Viruses and worms are two examples of software attacks inserted into the
system by means of a disk or across the network. The security mechanisms
needed to cope with unwanted access fall into two broad categories.

Some basic terminologies used

• CIPHER TEXT - the coded message
• CIPHER - algorithm for transforming plaintext to cipher text
• KEY - info used in cipher known only to sender/receiver
• ENCIPHER (ENCRYPT) - converting plaintext to cipher text
• DECIPHER (DECRYPT) - recovering plaintext from cipher text
• CRYPTOGRAPHY - study of encryption principles/methods
• CRYPTANALYSIS (CODEBREAKING) - the study of principles/methods of
deciphering cipher text without knowing the key.
• CRYPTOLOGY - the field of both cryptography and cryptanalysis.

Market place for vulnerabilities:

Vulnerable consumers fail to understand their preferences and/or lack the
knowledge, skills, or freedom to act on them. The aim is to significantly replace
trial and error with a robust understanding of markets, markets habitually governed
by social virtues.

Error 404 hacking digital India part 1 chase:

When a "visitor" comes to your site, he or she requests a web page that is specified
to belong to your host. If the named page doesn't exist on your site, then your
server typically responds with a 404 Page.

A 404 error page is a web page on a website which primarily shows visitors a
warning message and explains that visitors just try to access web.

Hijacking & Defense

Introduction- Cyber hijacking, or computer hijacking, is a type of network
security attack in which the attacker takes control of computer systems, software
programs and/or network communications.

Example- The definition of hijack is to take over something that doesn't belong to
you such as a plane, ship, bus or other vehicle, to commandeer or to take over by
force. When you take control of a conversation others were having and make it all
about you, this is an example of a time when you hijack the conversation.

Defense-in-depth is an information assurance strategy that provides multiple,
redundant defensive measures in case a security control fails or a vulnerability is
exploited. Defense-in-depth cyber security use cases include end-user security,
product design and network security.

Control hijacking- A control hijack attack is done by overwriting some of the
data structures in a victim program that affect its control flow, which eventually
hijacks the control of the program and possibly the underlying system. Attacks like
these eventually pave the way for corrupting or overwriting the data that they were
storing.

Buffer Overflow- A buffer overflow, or buffer overrun, occurs when
more data is put into a fixed-length buffer than the buffer can handle. This
overflow usually results in a system crash, but it also creates the opportunity
for an attacker to run arbitrary code or manipulate the coding errors to
prompt malicious actions.

Integer Overflow Attacks- An integer overflow occurs when you
attempt to store inside an integer variable a value that is larger than the
maximum value the variable can hold.
For example, if an integer data type allows integers up to two bytes or 16 bits in
length (or an unsigned number up to decimal 65,535), and two integers are to be
added together that will exceed the value of 65,535, the result will be integer
overflow.
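
The 16-bit case described above, as an added example (not part of the original notes): an unchecked sum wraps modulo 65,536, while a checked sum rejects it before the lengths are used to size a copy. The function names and the header/body record layout are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked 16-bit addition: the sum is reduced modulo 65,536. */
uint16_t add_u16_wrapping(uint16_t a, uint16_t b) {
    return (uint16_t)(a + b);
}

/* Checked addition: returns false instead of wrapping past 65,535. */
bool add_u16_checked(uint16_t a, uint16_t b, uint16_t *sum) {
    if (a > UINT16_MAX - b)
        return false;
    *sum = (uint16_t)(a + b);
    return true;
}

/*
 * Hypothetical helper: copy a header and a body into dst, where both
 * lengths arrive as 16-bit fields. Returns the total length, or -1 if
 * the total overflows 16 bits or does not fit in dst.
 * With a wrapped total (60000 + 10000 -> 4464) a bounds check against a
 * larger buffer would pass while the copies still write 70,000 bytes,
 * which is how an integer overflow turns into a buffer overflow.
 */
int join_records(uint8_t *dst, size_t dst_cap,
                 const uint8_t *hdr, uint16_t hdr_len,
                 const uint8_t *body, uint16_t body_len) {
    uint16_t total;
    if (!add_u16_checked(hdr_len, body_len, &total))
        return -1;                      /* length arithmetic overflowed */
    if ((size_t)total > dst_cap)
        return -1;                      /* destination buffer too small */
    memcpy(dst, hdr, hdr_len);
    memcpy(dst + hdr_len, body, body_len);
    return total;
}

int main(void) {
    /* Constructed sample data. */
    uint8_t dst[8];
    const uint8_t hdr[] = {'A', 'B'}, body[] = {'C', 'D', 'E'};

    printf("60000 + 10000 wraps to %u\n",
           (unsigned)add_u16_wrapping(60000, 10000));
    printf("lengths 2 + 3: %d\n",
           join_records(dst, sizeof dst, hdr, 2, body, 3));
    printf("claimed lengths 60000 + 10000: %d\n",
           join_records(dst, sizeof dst, hdr, 60000, body, 10000));
    return 0;
}
```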

Format string vulnerabilities- The Format String exploit occurs when
the submitted data of an input string is evaluated as a command by the
application. However, the Format Function is expecting more arguments as
input, and if these arguments are not supplied, the function could read or
write the stack.

The Format Function is an ANSI C conversion function, like printf, fprintf, which
converts a primitive variable of the programming language into a human-readable
string representation.

• The Format String is the argument of the Format Function and is an ASCIIZ
string which contains text and format parameters, like: printf ("The magic number
is: %d\n", 1911);
• The Format String Parameter, like %x %s, defines the type of conversion of the
format function.

The attack could be executed when the application doesn’t properly validate the
submitted input. In this case, if a Format String parameter, like %x, is inserted into
the posted data, the string is parsed by the Format Function, and the conversion
specified in the parameters is executed. However, the Format Function is expecting
more arguments as input, and if these arguments are not supplied, the function
could read or write the stack.

In this way, it is possible to define a well-crafted input that could change the
behavior of the format function, permitting the attacker to cause denial of service
or to execute arbitrary commands.

If the application uses Format Functions in the source code, which are able to
interpret formatting characters, the attacker could explore the vulnerability by
inserting formatting characters in a form of the website. For example, if the printf
function is used to print the username inserted in some fields of the page, the
website could be vulnerable to this kind of attack, as shown below:

printf (userName);
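
The corrected form of the call above, as an added example (not from the original notes): the format string is a constant and the username is passed only as a %s argument, so conversion characters in the input are printed literally. The function names and sample inputs are constructed for illustration; count_conversions is a simple review aid, not a standard library function.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hardened replacement for printf(userName): the format string is a
 * constant and the untrusted input is passed only as the %s argument.
 * Returns 0 on success, -1 if the output was truncated or failed.
 */
int format_username(char *out, size_t cap, const char *userName) {
    int n = snprintf(out, cap, "Welcome, %s", userName);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/*
 * Review aid for logs or submitted fields: count the '%' characters a
 * format function would treat as the start of a conversion. "%%" is a
 * literal percent sign and is not counted.
 */
size_t count_conversions(const char *s) {
    size_t count = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%') {
            i++;                /* skip the escaped percent sign */
            continue;
        }
        count++;
    }
    return count;
}

int main(void) {
    /* Constructed sample inputs for the username field. */
    const char *samples[] = {"alice", "50%% off", "%x %x %s"};
    char line[64];

    for (size_t i = 0; i < 3; i++) {
        if (format_username(line, sizeof line, samples[i]) == 0)
            printf("%s  [conversions in input: %zu]\n",
                   line, count_conversions(samples[i]));
    }
    return 0;
}
```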

Defense against control hijacking- Complete memory safety, code pointer
integrity, and control flow integrity are some of these defenses. Complete
memory safety can defend against all control hijacking attacks by protecting all
pointers.

Platform defenses- A platform-level defense is any runtime enhancement or
configuration change that can be made to increase the application's overall
security.

Marking-memory-as-non-execute:- Prevent attack code execution
by marking stack and heap as non-executable.
• Add runtime code to detect overflow exploits.
• Halt process and report when exploit detected.

Runtime defenses- Runtime application self-protection (RASP) is a security
technology that uses runtime instrumentation to detect and block computer
attacks by taking advantage of information from inside the running software.

With so many vulnerable apps running in the enterprise, the challenge for network
defenders is how to protect those apps from attack. One way is to have the
applications protect themselves by identifying and blocking attacks in real time.
That's what technology called Runtime Application Self-Protection (RASP) does.

RASP is a technology that runs on a server and kicks in when an application runs.
It's designed to detect attacks on an application in real time. When an application
begins to run, RASP can protect it from malicious input or behavior by analyzing
both the app's behavior and the context of that behavior. By using the app to
continuously monitor its own behavior, attacks can be identified and mitigated
immediately without human intervention.
