Computer Security Ch1

The document discusses the early history of computer security and cybersecurity. It describes how the first electronic message was sent in 1969 from UCLA to SRI, crashing after two letters were sent. It then discusses how in the 1970s, Robert Thomas created the first computer worm called Creeper, and how Ray Tomlinson created the first antivirus software called Reaper to delete copies of Creeper. The document goes on to define computer security as protecting computer systems and information from harm, theft, and unauthorized use. It also discusses common types of computer security like information security, application security, network security, and cybersecurity.

Uploaded by

Gomlalaw tube
Copyright: © All Rights Reserved

Chapter 1: Computer Security Introduction (3 hr)

History of Cyber Security

In 1969, professor Leonard Kleinrock and student Charley Kline sent the first
electronic message from his computer to his friend's computer at the
Stanford Research Institute. This is a well-known story and a landmark moment in
the history of the digital world. The message sent from UCLA was the word "login."
The system crashed after they typed the first two letters, "lo." Since then, the
story has grown into a belief that the programmers meant to type "lo and
behold," although "login" is factually believed to have been the intended message.
Those two letters changed the way we communicate with one another.

In the 1970s, Robert (Bob) Thomas, a researcher in Cambridge, Massachusetts,
created the first computer worm (virus). He realized that it was possible for a
computer program to move across a network, leaving a small trail (series of
signs) wherever it went. He named the program Creeper, and designed it to travel
between different networks printing the message "I'M THE CREEPER: CATCH ME IF
YOU CAN."

Computer Security By Nimaan A.Computer Programmer and With CISCO Certified CCNA-CCNP-CCND

An American computer programmer named Ray Tomlinson, the inventor of email, was
also working in Cambridge, Massachusetts at the time. He saw this idea and liked
it. He tinkered (an act of attempting to repair something) with the program and
made it self-replicating, "the first computer worm." He named the program Reaper,
the first antivirus software, which would find copies of Creeper and delete
them. Thus the origin of cybersecurity began with these types of research
projects. It only came into existence because of the development of viruses.

1.1 Basic concepts of computer security

What is computer security?

Computer security is basically the protection of computer systems and
information from harm, theft, and unauthorized use. It is the process of
preventing and detecting unauthorized use of your computer system.

There are various types of computer security, which are widely used to protect
the valuable information of an organization. Cyber security is a constant fight
between attackers and defenders.

Common categories of attack are interception, interruption, intrusion,
modification and fabrication.

Both attackers and defenders use different types of tactics, techniques and
procedures accordingly. FTF Computer is IOP Electronically. There is Internet,
there is network, there is data and information. Do you feel there is a link
between C and S? That is CIA, IIIMF, CID.

Good security standards follow the "90 / 10" rule:

• 10% of security safeguards are technical. Example: The lock on the door is
the 10%. You remembering to lock the lock, checking to see if the door is
closed, ensuring others do not prop the door open, keeping control of the
keys, etc. is the 90%. You need both parts for effective security.

What is Computer Security and its types?

One way to ascertain the similarities and differences among the types of
computer security is by asking what is being secured. For example:

• Information security is securing information from unauthorized access,
modification and deletion
• Application security is securing an application by building in security
features to protect it from cyber threats such as SQL injection, DoS attacks,
data breaches, etc.
• Computer security means securing a standalone machine by keeping it
updated and patched
• Network security is securing both the software and hardware
technologies
• Cybersecurity is defined as protecting computer systems which
communicate over computer networks

Computer security can be defined as controls that are put in place to provide
confidentiality, integrity, and availability for all components of computer systems.
Let’s elaborate the definition.

Components of computer system HFS

The components of a computer system that need to be protected are:

• Hardware, the physical part of the computer, like the system memory and
disk drive
• Firmware, permanent software that is etched into a hardware
device’s nonvolatile memory and is mostly invisible to the user
• Software, the programming that offers services, like operating system,
word processor, internet browser to the user

The CIA Triad

Computer security is mainly concerned with three main areas:

• Confidentiality is ensuring that information is available only to the
intended audience
• Integrity is protecting information from being modified by unauthorized
parties
• Availability is protecting information from being modified by unauthorized
parties, plus giving access to authorized personnel based on rights and
responsibility

1.2 Threats, vulnerabilities, controls, risk

• A vulnerability is a flaw or weakness in an asset's design, implementation,
or operation and management that could be exploited by a threat.
• A threat is the potential danger that a threat agent will exploit a
vulnerability in a way that negatively affects computer systems.
• A risk is the potential for loss when the threat happens.
• Control involves implementing measures to reduce the probability or
impact of potential risks. This may include strategies such as implementing
safety procedures, creating backup systems, or employing preventative
measures to reduce the likelihood of a bad outcome.

Computer security threats

Computer security threats are possible dangers that can hamper the normal
functioning of your computer. In the present age, cyber threats are constantly
increasing as the world is going digital. The most harmful types of computer
security threats are:

Viruses

A computer virus is a malicious program which is loaded into the user's
computer without the user's knowledge. It replicates itself and infects the
files and programs on the user's PC. The ultimate goal of a virus is to ensure
that the victim's computer will never be able to operate properly or even at all.

Computer Worm

A computer worm is a software program that can copy itself from one computer
to another, without human interaction. The potential risk here is that it will
use up your computer's resources, such as hard disk space, because a worm can
replicate in great volume and with great speed.

Phishing

Disguising themselves as a trustworthy person or business, phishers attempt to
steal sensitive financial or personal information through fraudulent email or
instant messages. Phishing is unfortunately very easy to execute. You are
deluded into thinking it's legitimate mail and you may enter your personal
information.

Botnet

A botnet is a group of computers connected to the internet that have been
compromised by a hacker using a computer virus. An individual computer is
called a 'zombie computer'. The result of this threat is that the victim's
computer, which is the bot, will be used for malicious activities and for
larger-scale attacks like DDoS.

Rootkit

A rootkit is a computer program designed to provide continued privileged access
to a computer while actively hiding its presence. Once a rootkit has been
installed, the controller of the rootkit will be able to remotely execute files and
change system configurations on the host machine.

Keylogger

Also known as a keystroke logger, a keylogger can track the real-time activity
of a user on their computer. It keeps a record of all the keystrokes made on the
user's keyboard. A keylogger is also a very powerful threat for stealing
people's login credentials, such as usernames and passwords.

1.3 Goals of computer security

The objective of cybersecurity is to protect information from being stolen,
compromised or attacked. Cybersecurity can be measured by at least one of
three goals:

1. Protect the confidentiality of data.
2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.

Why is Computer Security Important?

In this digital era, we all want to keep our computers and our personal
information secure and hence computer security is important to keep our
personal information protected. It is also important to maintain our computer
security and its overall health by preventing viruses and malware which would
impact on the system performance.

Computer Security Practices

Some preventive steps you can take include:

• Secure your computer physically by:
o Installing reliable, reputable security and anti-virus software
o Activating your firewall, because a firewall acts as a security guard
between the internet and your local area network
• Stay up-to-date on the latest software and news surrounding your devices
and perform software updates as soon as they become available
• Avoid clicking on email attachments unless you know the source
• Change passwords regularly, using a unique combination of numbers,
letters and case types
• Use the internet with caution and ignore pop-ups and drive-by downloads
while surfing
• Take the time to research the basic aspects of computer security
and educate yourself on evolving cyber-threats
• Perform daily full system scans and create a periodic system backup
schedule to ensure your data is retrievable should something happen to
your computer.

1.4 Security attack


Cyber security attacks refer to the sets of actions that the threat actors perform
to gain any unauthorised access, cause damage to systems/computers, steal
data, or compromise the computer networks. An attacker can launch a cyber
attack from any location. The attacker can also be an individual or even a
group. There are various TTP (tactics, techniques, and procedures) to do so.

What are Security Attacks?

A vulnerable application could subject people and systems to several kinds of
harm. An attack occurs when a malevolent actor takes advantage of security
flaws or vulnerabilities to harm others. In this chapter we'll examine various
attack methods, so that you'll know what to watch out for when safeguarding
your application.

Types of Security Attacks

Cyber security attacks can be of the following two types:

• Active attacks
• Passive attacks

1. Active Attacks

An active assault tries to change system resources or interfere with their
functionality. Active attacks entail some form of data stream manipulation or
false statement generation. Active attacks can take the following forms:

Example: Masquerade Attack

When one entity impersonates another, it commits a masquerade attack. A
masquerade attack usually includes one of the other active attack types. An
authorisation process can become extremely vulnerable to a masquerade attack if
it isn't always completely safeguarded. Masquerade attacks can be carried out
via stolen logins and passwords, by spotting holes in programmes, or by figuring
out a way to get around the authentication procedure.

Mahamad pretends to be Nimaan, comes here to JJU and uses Nimaan's login
details; as a result he accesses SIMs to change the grade of his friend Mr X.

2. Passive Attacks

A passive attack does not eat up system resources and instead makes an effort
to gather or use information from the system. Attacks that are passive in nature
spy on or keep track of transmission. The adversary wants to intercept the
transmission of information in order to collect it. The following are examples of
passive attacks:

Example: Traffic Analysis

Imagine that we had a method of hiding (encrypting) data, preventing the
attacker from extracting any data from the communication even if it was
intercepted.

The adversary would still be able to ascertain the communicating hosts' location
and identity, as well as the frequency and length of the messages. It could be
possible to infer the nature of the message from this information.

Mahamad studies the pattern, frequency and contents of messages exchanged
by Mr X and Mr Y; from these details Mahamad infers the host location and
identity of the message.

Listening to telephone conversations of heads of state also falls into this
category.
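The following added example (not part of the original notes) shows what traffic analysis recovers from encrypted messages, and how padding message lengths reduces, but does not remove, the leak. The host names, record layout and 1024-byte padding bucket are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample: metadata visible on the wire for encrypted messages.
# (timestamp_seconds, sender, receiver, ciphertext_length_bytes)
# Host names are hypothetical; message contents are never inspected.
OBSERVED = [
    (0,   "host-x", "host-y", 212),
    (60,  "host-x", "host-y", 198),
    (120, "host-x", "host-y", 4810),
    (125, "host-y", "host-x", 64),
    (180, "host-x", "host-z", 220),
    (240, "host-x", "host-y", 205),
]


def profile(records):
    """Per (sender, receiver) pair: message count, mean length, max length."""
    flows = defaultdict(list)
    for _ts, src, dst, length in records:
        flows[(src, dst)].append(length)
    return {
        pair: {"count": len(sizes),
               "mean_len": round(mean(sizes)),
               "max_len": max(sizes)}
        for pair, sizes in flows.items()
    }


def pad_lengths(records, bucket=1024):
    """Mitigation: pad every message up to the next multiple of `bucket` bytes."""
    return [(ts, src, dst, -(-length // bucket) * bucket)
            for ts, src, dst, length in records]


def distinct_sizes(records):
    """Number of different message lengths an observer can tell apart."""
    return len({length for *_rest, length in records})


if __name__ == "__main__":
    print("unpadded:", profile(OBSERVED), distinct_sizes(OBSERVED))
    padded = pad_lengths(OBSERVED)
    print("padded:  ", profile(padded), distinct_sizes(padded))
```

Padding collapses the six distinguishable lengths into two, but who talks to whom and how often is unchanged, which is why encryption and padding alone do not defeat traffic analysis.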

1.5 Security policies and mechanisms

Critical to our study of computer security is the distinction between policy and
mechanism.

• Definition 1–1. A security policy is a statement of what is, and what is not,
allowed.
• Definition 1–2. A security mechanism is a method, tool, or procedure for
enforcing a security policy.

Given a security policy's specification of "secure" and "nonsecure" actions,
these security mechanisms can prevent the attack, detect the attack, or
recover from the attack. The strategies may be used together or separately.

1.6 Prevention, detection, and deterrence


The Protection Process: 1) Prevent, 2) Deter, 3) Detect + React

Deter, Detect, Delay, Defend - 4 Steps to Better Security

1.7 Software security assurance


The Software Security Assurance (SSA) process focuses on addressing security in
the early life-cycle phases of acquisition and software development. Building
security into software requires considerations beyond basic
authentication/authorization and mandated operational compliance to identify
and address the threat environment in which the resulting operational system
must function.

Software assurance is

• the level of confidence that software is free from vulnerabilities, either
intentionally designed into the software or accidentally inserted at any
time during its life cycle, and that the software functions in the intended
manner.

Example: Software assurance includes the disciplines of software reliability
(also known as software fault tolerance), software safety, and software
security. The focus of Software Security Engineering

Program security defenses are for key layers: Layer 1, Parameter Protection;
Layer 2, Host Protection; Layer 3, OS Protection; and Layer 4, App Protection.