Module 5 ITC 111

The document is a module on computer and information security from Mindoro State University College of Computer Studies. It introduces key concepts related to computer security such as threats, attacks, vulnerabilities, and security tools. It also defines security, outlines the need for security throughout history, and lists learning objectives which are to understand the need for security, identify threats and attacks, utilize security tools, and understand cryptographic algorithms.

Uploaded by

Mike Ordonio

Mindoro State University

College of Computer Studies

Module 5: Computer and Information Security
Prepared by:

JENNIE T. FERNANDO
Assistant Professor I
E-mail Address: [email protected] /[email protected]
Mobile Number: +639778254102/ +639885804531

ITC 111: INTRO TO COMPUTING
Bachelor of Science in Information Technology

At the end of the lesson, the learners should be able to:

➢ Understand the need for security.
➢ Identify different threats and attacks when using a computer.
➢ Utilize different security tools to prevent damages and losses.
➢ Identify different cryptographic algorithms.


➢ Security - the quality or state of being secure or safe (Merriam-Webster Dictionary)
➢ Protection of computer systems and information from harm, theft, and unauthorized use (Encyclopedia Britannica)
➢ Measures and controls that ensure confidentiality, integrity and availability of information systems assets (National Institute of Standards and Technology Glossary)
➢ Information security – protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction to provide confidentiality, integrity and availability.

➢ Need arose during World War II when the first mainframes, developed to aid computations for communication code-breaking, were put to use
➢ Multiple levels of security were implemented to protect mainframes and maintain the integrity of data
➢ Access to sensitive military locations was controlled utilizing badges, keys and facial recognition of authorized personnel
➢ One of the first documented security problems occurred in the 1960s, when a system administrator was working on a message of the day (MOTD) file and another administrator was editing the password file.


Key Dates for Seminal Works in Early Computer Security

➢ Today, the Internet brings millions of unsecured computer networks into continuous communication with each other.
➢ The security of each computer's stored information is now contingent on the level of security of every other computer to which it is connected.
➢ The growing threat of cyber attacks has made governments and companies more aware of the need to defend the computer-controlled control systems of utilities and other critical infrastructure.
➢ There is also growing concern about nation-states engaging in information warfare, and the possibility that business and personal information systems could become casualties if they are undefended.

➢ Access – subject or object's ability to use, manipulate, modify, or affect another subject or object
➢ Asset – organizational resource that is being protected, can be logical or physical
➢ Attack – intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it, can be active or passive and direct or indirect
➢ Control, safeguard or countermeasure – security mechanisms, policies or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities and improve the security

➢ Exploit – technique used to compromise a system
➢ Exposure – condition or state of being exposed
➢ Loss – single instance of an information asset suffering damage or unintended or unauthorized modification or disclosure
➢ Protection profile or security posture – entire set of controls and safeguards including policy, education, training and awareness, and technology that the organization implements to protect the asset
➢ Risk – probability that something unwanted will happen

➢ Subjects and objects – an agent entity used to conduct the attack and target entity
➢ Threat – category of objects, persons or other entities that presents a danger to an asset, can be purposeful or undirected
➢ Threat agent – specific instance or a component of a threat
➢ Vulnerability – weakness or fault in a system or protection mechanism that opens it to attack or damage

➢ Confidentiality – concealment of information or resources
➢ Integrity – trustworthiness of data in the systems
➢ Availability – ability to access data or a resource when it is needed
➢ Authenticity – confirms that the identity of the user is genuine and legitimate
➢ Non-repudiation – way of assurance that message transmitted is accurate
➢ Utility – use for any purpose or reason


Threat – an object, person or other entity that presents an ongoing danger to an asset

Attack – act that takes advantage of a vulnerability to compromise a controlled system

Vulnerability – identified weakness in a controlled system where controls are not present or are no longer effective

➢ Malicious Code (aka Malware) – includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information
➢ Virus – consists of segments of code that perform malicious actions
➢ Worms – named for the tapeworm in John Brunner's novel The Shockwave Rider, malicious program that replicates itself constantly without requiring another program environment
➢ Trojan horse – software programs that hide their true nature and reveal their designed behavior only when activated
➢ Polymorphic threats – one that over time

➢ Hoaxes - the transmission of a virus hoax with a real virus attached. When the attack is masked in a seemingly legitimate message, unsuspecting users more readily distribute it.

➢ Back door or Trap door - an attacker can gain access to a system or network resource through a back door

➢ Password Crack - attempting to reverse-calculate a password

➢ Brute Force - the application of computing and network resources to try every possible password combination

➢ Dictionary - a variation of the brute force attack which narrows the field by selecting specific target accounts and using a list of commonly used passwords (the dictionary) instead of random combinations

➢ Denial of Service (DOS) and Distributed Denial of Service (DDOS) - the attacker sends many connection or information requests to a target. So many requests are made that the target system becomes overloaded and cannot respond to legitimate requests for service

➢ Spoofing - used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host.

➢ Spam - unsolicited commercial e-mail

➢ Man in the Middle - an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. This type of attack uses IP spoofing to enable an attacker to impersonate another entity on the network

➢ Social Engineering - using social skills to convince people to reveal access credentials or other valuable information to the attacker

➢ Mail Bombing - an attacker routes large quantities of e-mail to the target

➢ Sniffers - a program or device that can monitor data traveling over a network

➢ Phishing - an attempt to gain personal or financial information from an individual, usually by posing as a legitimate entity

➢ Pharming - redirection of legitimate Web traffic (e.g., browser requests) to an illegitimate site for the purpose of obtaining private information

➢ Timing Attack - explores the contents of a Web browser's cache and stores a malicious cookie on the client's system


1. Firewalls – hardware, software or a combination of both that is used to prevent unauthorized programs or internet users from accessing a private network and/or single computer


2. Antivirus software
3. PKI services
4. Managed detection and response service (MDR)
5. Penetration testing
6. Staff training


Firewall – acts as a security gateway between two networks and tracks and controls network communications

Hardware firewall – protects an entire network, implemented on the router level, usually more expensive and harder to configure

Software firewall – protects a single computer, usually less expensive and easier to configure

Plaintext/Cleartext – data that can be read and understood without any special measures

Encryption – method of disguising plaintext to hide its substance

Ciphertext – unreadable gibberish resulting from encrypting plaintext

Decryption – process of reverting ciphertext to its original plaintext

Cryptography – science of using mathematics to encrypt and decrypt data

Cryptanalysis – science of analyzing and breaking secure communication

How does cryptography work?

Cryptographic algorithm or cipher – mathematical function used in the encryption and decryption process. It works in combination with a key (a word, number or phrase) to encrypt the plaintext. The same plaintext encrypts to different ciphertext with different keys. The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key.

➢ Conventional cryptography
➢ Captain Midnight's Secret Decoder Ring
➢ Caesar's cipher

➢ Public key cryptography
➢ introduced by Whitfield Diffie and Martin Hellman in 1975
➢ asymmetric scheme


TRY IT!

Try to study the Vigenère Cipher. Click the provided link.

https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7ff015e7d:online-data-security/xcae6f4a7ff015e7d:data-encryption-techniques/a/symmetric-encryption-techniques
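
To see the earlier point that the same plaintext encrypts to different ciphertext with different keys, here is a short Python version of the Vigenère cipher, with Caesar's cipher as its one-letter-key case. This is an added example, not part of the original module; the function names, the sample message and the keys are constructed for illustration.

```python
import string

ALPHABET = string.ascii_uppercase  # 26-letter alphabet shared by both ciphers


def vigenere(text, key, decrypt=False):
    """Shift each letter of `text` by the matching letter of `key`.

    Non-letters pass through unchanged and do not use up a key letter.
    """
    if not key or not key.isascii() or not key.isalpha():
        raise ValueError("key must be one or more letters A-Z")
    shifts = [ALPHABET.index(k) for k in key.upper()]
    out, used = [], 0
    for ch in text:
        if ch.isascii() and ch.isalpha():
            shift = shifts[used % len(shifts)]
            if decrypt:
                shift = -shift  # decryption undoes the same shift
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
            used += 1
        else:
            out.append(ch)
    return "".join(out)


def caesar(text, shift, decrypt=False):
    """Caesar's cipher is the Vigenere cipher with a one-letter key."""
    return vigenere(text, ALPHABET[shift % 26], decrypt)


def keyspace(key_length):
    """Number of possible keys of the given length."""
    return 26 ** key_length


if __name__ == "__main__":
    plaintext = "Meet me at noon"      # constructed sample message
    for key in ("LEMON", "ORANGE"):    # constructed sample keys
        ciphertext = vigenere(plaintext, key)
        print(key, "->", ciphertext, "->", vigenere(ciphertext, key, decrypt=True))
    print("Caesar, shift 3:", caesar(plaintext, 3))
    print("keys of length 1:", keyspace(1), "| length 5:", keyspace(5))
```

A one-letter key leaves only 26 possible keys, which is why the strength of the algorithm matters as much as keeping the key secret.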
