Chapter 7

The document discusses computer security topics including security threats, attacks, malicious software, security services, and security mechanisms. It defines security threats as potential violations that can harm systems. It describes passive and active attacks and provides examples. It also discusses viruses, worms, Trojan horses, and other malicious software.

Chapter-7

Computer Security
PREPARED BY: SUSHANT BHATTARAI
Introduction
• Computer security is needed to protect computing systems and the data that they store and access.
• The transmission of data over networks (the Internet) and communication links has made it necessary to protect the data during transmission over the network.
• We use the term computer security to refer to both computer security and network security.
• Computer security focuses on security attacks, security mechanisms and security services.
  • Security attacks are the reasons for breach of security. Security attacks comprise all actions that breach computer security.
  • Security mechanisms are the tools, including algorithms, protocols or devices, that are designed to detect, prevent, or recover from a security attack.
  • Security services are the services that a system provides for a specific kind of protection of the system resources.
Security Threat and Security Attack
• A threat is a potential violation of security that can cause harm. A threat can be a malicious program, a natural disaster or a thief.
• A vulnerability is a weakness of a system that is left unprotected. Systems that are vulnerable are exposed to threats. A threat is a possible danger that might exploit a vulnerability.
• A security attack may be a passive attack or an active attack.
• Passive attack
  • The aim of a passive attack is to get information from the system without affecting the system resources.
  • Passive attacks are similar to eavesdropping.
  • Passive attacks may analyze the traffic to find the nature of the communication that is taking place, or release the contents of a message to a person other than the intended receiver of the message.
  • Passive attacks are difficult to detect because they do not involve any alteration of the data.
Security Threat and Security Attack
• Active attack
  • An active attack tries to alter the system resources or affect their operation. An active attack may modify the data or create false data.
  • An active attack may be a masquerade (an entity pretends to be someone else), a replay (capture events and replay them), a modification of messages, or a denial of service.
  • Active attacks are difficult to prevent.
Malicious Software

• Software that is intentionally included in a system with the intention to harm the system is called malicious software.
• Viruses, Trojan horses, and worms are examples of malicious programs.
• JavaScript and Java applets written with the purpose of attacking are also malicious programs.
Virus
• A virus is a software program that is destructive in nature. Virus programs have the following properties:
  • It can attach itself to other healthy programs.
  • It can replicate itself and thus can spread across a network.
  • It is difficult to trace a virus after it has spread across a network.
• Viruses harm the computer in many ways:
  • corrupt or delete data or files on the computer
  • change the functionality of software applications
  • use the e-mail program to spread themselves to other computers
  • erase everything on the hard disk
• Viruses cannot infect write-protected disks or infect written documents. Viruses do not infect an already compressed file. Viruses also do not infect computer hardware; they only infect software.
Worm

• A worm is self-replicating software that uses the network and security holes to replicate itself.
• A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there as well.
• A worm is, however, different from a virus. A worm does not modify a program like a virus does; instead, it replicates so much that it consumes the resources of the computer and makes it slow.
• Some examples of worms are “Code Red” and “Nimda”.
Trojan Horse

• Trojan horses are destructive programs that masquerade as useful programs.
• Users install Trojan horses thinking that they will serve a useful purpose, such as a game or entertainment.
• Trojan horses contain programs that corrupt the data or damage the files.
• Trojan horses can corrupt software applications.
• They can also damage files and can contain viruses that destroy and corrupt data and programs.
• Trojan horses do not replicate themselves like viruses.
JavaScript, Java Applet and ActiveX
• Applets (Java programs) and ActiveX controls (used with Microsoft technology) can be inserted in a Web page and are downloaded to the client browser for execution.
• Applets and ActiveX controls are generally used to provide added functionality such as sound and animation.
• These programs, when designed with a malicious intention, can be disastrous for the client machine.
• JavaScript is a scripting language generally nested within HTML code. The client-side scripts on an HTML page execute inside the Web browser on the client computer. JavaScript code can be used to transfer files, send e-mails and write to local files. If used with a malicious intention, the scripts can be dangerous for the client machine.
Security Services
• Security services provide a specific kind of protection to system resources.
• Security services ensure Confidentiality, Integrity, Authentication, and Non-Repudiation of data or messages stored on the computer or transmitted over the network.
• They provide assurance for access control and availability of resources to authorized users.
• Confidentiality
  • The confidentiality aspect specifies availability of information to only authorized users.
  • It is the protection of data from unauthorized disclosure. It requires ensuring the privacy of data stored on a server or transmitted via a network, so that it is not intercepted or stolen by unauthorized users.
  • Data encryption stores or transmits data in a form that unauthorized users cannot understand. Data encryption is used for ensuring confidentiality.
• Integrity
  • It assures that the received data is exactly as sent by the sender, i.e. the data has not been modified, duplicated, reordered, inserted or deleted before reaching the intended recipient.
  • The data received is the data actually sent and is not modified in transit.
Security Services

• Authentication
  • Authentication is the process of ensuring and confirming the identity of the user before revealing any information to the user.
  • Authentication provides confidence in the identity of the user or the entity connected.
  • It also assures that the source of the received data is as claimed.
  • Authentication is facilitated by the use of a username and password, smart cards, and biometric methods like retina scanning and fingerprints.
• Non-Repudiation
  • It prevents either sender or receiver from denying a transmitted message.
  • For a message that is transmitted, proofs are available that the message was sent by the alleged sender and that the message was received by the intended recipient.
  • For example, if a sender places an order for a certain product to be purchased in a particular quantity, the receiver knows that it came from a specified sender.
  • Non-repudiation deals with signatures.
Security Mechanism

• Security mechanisms deal with prevention of, detection of, and recovery from a security attack.
  • Prevention involves mechanisms to prevent the computer from being damaged.
  • Detection requires mechanisms that allow detection of when, how, and by whom an attack occurred.
  • Recovery involves mechanisms to stop the attack, assess the damage done, and then repair the damage.
• Security mechanisms are built using personnel and technology.
  • Personnel are used to frame security policy and procedures, and for training and awareness.
  • Security mechanisms use technologies like cryptography, digital signatures, firewalls, user identification and authentication, and other measures like intrusion detection, virus protection, and data and information backup, as countermeasures against security attacks.
Cryptography

• Cryptography is the science of writing information in a “hidden” or “secret” form and is an ancient art.
• Cryptography is necessary when communicating data over any network, particularly the Internet.
• It protects the data in transit and also the data stored on the disk.
• Cryptography uses different schemes for the encryption of data.
• These schemes consist of a pair of algorithms, which perform the encryption and decryption, and a key.
• A key is a secret parameter (a string of bits) for a specific message exchange context. Keys are important, as algorithms without keys are not useful.
• The encrypted data cannot be accessed without the appropriate key. The size of the key is also important.
• The larger the key, the harder it is to crack a block of encrypted data. The algorithms differ based on the number of keys that are used for encryption and decryption.
Cryptography

• The three cryptographic schemes are as follows:
  • Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption.
  • Public Key Cryptography (PKC): Uses one key for encryption and another for decryption.
  • Hash Functions: Use a mathematical transformation to irreversibly encrypt information.
Secret Key Cryptography
• Secret key cryptography uses a single key for both encryption and decryption.
• The sender uses the key to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key to decrypt the message and recover the plaintext.
• Since a single key is used for encryption and decryption, secret key cryptography is also called symmetric encryption.
• Secret key cryptography schemes are generally categorized as stream ciphers or block ciphers.
• Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing.
• A block cipher encrypts one block of data at a time using the same key on each block. The same plaintext block will always encrypt to the same ciphertext when using the same key in a block cipher.
Public key Cryptography
• Public-key cryptography facilitates secure communication over a non-secure communication channel without having to share a secret key.
• Public-key cryptography uses two keys: one public key and one private key.
• The public key can be shared freely and may be known publicly.
• The private key is never revealed to anyone and is kept secret.
• The two keys are mathematically related, although knowledge of one key does not allow someone to easily determine the other key.
• The plaintext can be encrypted using the public key and decrypted with the private key and, conversely, the plaintext can be encrypted with the private key and decrypted with the public key.
• Both keys are required for the process to work.
• Rivest, Shamir, Adleman (RSA) is the first and the most common public-key cryptography algorithm in use today.
Hash Functions
• Hash functions are one-way encryption algorithms that, in some sense, use no key. This scheme computes a fixed-length hash value based upon the plaintext. Once a hash function is used, it is difficult to recover the contents or length of the plaintext.
• Hash functions are generally used to ensure that a file has not been altered by an intruder or virus. Any change made to the contents of a message will result in the receiver calculating a different hash value than the one placed in the transmission by the sender.
• Hash functions are commonly employed by many operating systems to encrypt passwords.
• Message Digest (MD) algorithm and Secure Hash Algorithm (SHA) are some of the commonly used hash algorithms.
Digital Signature
• A digital signature is used to sign a computerized document. The properties of a digital signature are the same as those of an ordinary signature on paper.
• Digital signatures are easy for a user to produce, but difficult for anyone else to forge.
• Digital signatures can be permanently tied to the content of the message being signed and then cannot be moved from one document to another, as such an attempt will be detectable.
• A digital signature scheme is a type of asymmetric cryptography. Digital signatures use public key cryptography, which employs two keys: a private key and a public key. The digital signature scheme typically consists of three algorithms:
  • Key generation algorithm—The algorithm outputs a private key and a corresponding public key.
  • Signing algorithm—It takes message + private key as input and outputs a digital signature.
  • Signature verifying algorithm—It takes message + public key + digital signature as input and accepts or rejects the digital signature.
• The use of digital signatures typically consists of two processes—digital signature creation and digital signature verification.
Firewall
• A firewall is a security mechanism to protect a local network from the threats it may face while interacting with other networks (the Internet).
• A firewall can be a hardware component, a software component, or a combination of both. It prevents computers in one network domain from communicating directly with other network domains.
• All communication takes place through the firewall, which examines all incoming data before allowing it to enter the local network.
• Functions of a firewall are listed below:
  • Firewalls provide security by examining the incoming data packets and allowing them to enter the local network only if the conditions are met.
  • Firewalls provide user authentication by verifying the username and password. This ensures that only authorized users have access to the local network.
  • Firewalls can be used for hiding the structure and contents of a local network from external users. Network Address Translation (NAT) conceals the internal network addresses and replaces all the IP addresses of the local network with one or more public IP addresses.
Working of Firewall
• The working of a firewall is based on a filtering mechanism.
• The filtering mechanism keeps track of the source address of data, the destination address of data and the contents of data.
• The filtering mechanism allows information to be passed to the Internet from a local network without any authentication.
• It makes sure that the downloading of information from the Internet to a local network happens based only on a request by an authorized user.
Types of Firewall

• The following are the various types of firewalls generally used:
  • Packet filter firewall
  • Circuit filter firewall
  • Proxy server or application-level gateway
Packet Filter Firewall
• A packet filter firewall is usually deployed on the routers.
• It is the simplest kind of mechanism used in firewall protection.
• It is implemented at the network level to check incoming and outgoing packets.
• The IP packet header is checked for the source and the destination IP addresses and the port combinations.
• After checking, the filtering rules are applied to the data packets for filtering. The filtering rules are set by an organization based on its security policies.
• If the packet is found valid, then it is allowed to enter or exit the local network.
• Packet filtering is fast, easy to use, simple and cost effective.
• A majority of routers in the market provide packet filtering capability. It is used in small and medium businesses.
• A packet filter firewall does not provide a complete solution.
Circuit filter firewall
• Circuit filter firewalls provide more protection than packet filter firewalls. A circuit filter firewall is also known as a “stateful inspection” firewall.
• It prevents the transfer of suspected packets by checking them at the network layer.
• It checks all the connections made to the local network, in contrast to the packet filter firewall, which makes a filtering decision based on individual packets.
• It takes its decision by checking all the packets that are passed through the network layer and using this information to generate a decision table. The circuit level filter uses these decision tables to keep track of the connections that go through the firewall.
• For example, when an application that uses TCP creates a session with the remote host, the TCP port number for the remote application is less than 1024 and the TCP port number for the local client is between 1024 and 65535. A packet filter firewall will allow any packet which has a port number within the range 1024 to 65535. However, the circuit filter firewall creates a directory of all outbound TCP connections.
• An incoming packet is allowed if its profile matches an entry in the directory for the TCP port numbers.
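
The port-range example above, as an added sketch that is not part of the original slides: a stateless packet filter and a circuit filter with a directory of outbound connections are run over the same constructed traffic. The `Packet` fields, the `fin` flag used as a stand-in for TCP teardown, and the addresses (documentation ranges) are assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str        # "out" = leaving the local network, "in" = arriving from outside
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    fin: bool = False     # simplified stand-in for TCP connection teardown


def packet_filter_allows(pkt: Packet) -> bool:
    """Stateless rule from the text: each packet is judged on its own header."""
    if pkt.direction == "out":
        return True
    return 1024 <= pkt.dst_port <= 65535


class CircuitFilter:
    """Keeps a directory of outbound TCP connections and matches replies against it."""

    def __init__(self) -> None:
        self.directory = set()

    def allows(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            entry = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            if pkt.fin:
                self.directory.discard(entry)     # local side closed the session
            else:
                self.directory.add(entry)
            return True
        # Inbound: allowed only as the mirror image of a recorded outbound connection.
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.directory


def compare(packets):
    """Return (packet_filter_decision, circuit_filter_decision) for each packet in order."""
    circuit = CircuitFilter()
    return [(packet_filter_allows(p), circuit.allows(p)) for p in packets]


# Constructed sample traffic; the addresses are documentation ranges, not real hosts.
CLIENT, WEB, OTHER = "192.168.1.10", "203.0.113.5", "198.51.100.7"
SAMPLE = [
    Packet("out", CLIENT, 50000, WEB, 80),             # client opens a session
    Packet("in", WEB, 80, CLIENT, 50000),              # reply on that session
    Packet("in", OTHER, 4444, CLIENT, 50000),          # unsolicited, same local port
    Packet("in", WEB, 80, CLIENT, 50001),              # right host, no matching session
    Packet("in", OTHER, 40000, CLIENT, 23),            # inbound to a port below 1024
    Packet("out", CLIENT, 50000, WEB, 80, fin=True),   # client closes the session
    Packet("in", WEB, 80, CLIENT, 50000),              # late packet after the close
]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{pkt.direction:>3} {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}"
              f"  packet filter={'allow' if stateless else 'deny'}"
              f"  circuit filter={'allow' if stateful else 'deny'}")
```

The third, fourth and last packets pass the port-range rule but are dropped by the circuit filter because no directory entry matches them.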
Application level gateway
• An application-level gateway or a proxy server protects all the client applications running on a local network from the Internet by using the firewall itself as the gateway.
• A proxy server creates a virtual connection between the source and the destination hosts.
• A proxy firewall operates on the application layer. The proxy ensures that a direct connection from an external computer to the local network never takes place.
• The proxy automatically segregates all the packets depending upon the protocols used for them.
• A proxy server must support various protocols. It checks each application or service, like Telnet or e-mail, when it is passed through it.
• A proxy server is easy to implement on a local network.
• Application-level gateways or proxy servers tend to be more secure than packet filters. Instead of checking the TCP and IP combinations that are to be allowed, they check the allowable applications.
User Identification and Authentication
• Identification is the process whereby a system recognizes a valid user’s identity.
• Authentication is the process of verifying the claimed identity of a user.
• For example, a system uses a user password for identification. The user enters their password for identification.
• Authentication is the step in which the system verifies that the password is correct, and thus that the user is a valid user.
• We will now discuss the following authentication mechanisms:
  • User name and password
  • Smart card
  • Biometrics—fingerprints, iris/retina scan
Username and Password

• The combination of username and password is the most common method of user identification and authentication.
• Systems that use password authentication first require the user to have a username and a password.
• The next time the user uses the system, the user enters their username and password.
• The system checks the username and password by comparing them to the stored password for that username.
• If they match, the user is authenticated and is granted access to the system.
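
The comparison step above, combined with the earlier point that operating systems use hash functions for passwords, as an added example that is not from the original slides: the system stores a per-user salt and a PBKDF2-HMAC-SHA256 value instead of the password and compares in constant time. The `PasswordStore` class, the iteration count and the sample credentials are assumptions of this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000   # assumed work factor for PBKDF2-HMAC-SHA256


class PasswordStore:
    """Keeps (salt, derived key) per username; the password itself is never stored."""

    def __init__(self, iterations: int = ITERATIONS) -> None:
        self._iterations = iterations
        self._users = {}
        # Dummy record so that unknown usernames cost the same work as known ones.
        self._dummy = (secrets.token_bytes(16), secrets.token_bytes(32))

    def _derive(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, self._iterations)

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)            # fresh random salt per user
        self._users[username] = (salt, self._derive(password, salt))

    def authenticate(self, username: str, password: str) -> bool:
        salt, stored = self._users.get(username, self._dummy)
        candidate = self._derive(password, salt)
        # Constant-time comparison avoids leaking how many leading bytes matched.
        return hmac.compare_digest(candidate, stored)

    def stored_value(self, username: str) -> bytes:
        """What a reader of the password file would see for this user."""
        return self._users[username][1]


if __name__ == "__main__":
    store = PasswordStore()
    # Constructed sample credentials.
    store.register("alice", "correct horse battery staple")
    store.register("bob", "correct horse battery staple")
    print("alice, right password:", store.authenticate("alice", "correct horse battery staple"))
    print("alice, wrong password:", store.authenticate("alice", "Correct horse battery staple"))
    print("unknown user:         ", store.authenticate("mallory", "anything"))
    print("same password, same stored value:",
          store.stored_value("alice") == store.stored_value("bob"))
```

The per-user salt is why two users with the same password end up with different stored values.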
Username and Password

• Some actions that can be taken to make passwords safer are as follows:
  • It is good to change passwords periodically. This decreases the chances of passwords being cracked.
  • Make a password complex: mix case, and use numbers and special characters. This decreases the ability of automated attacks by increasing the possible character combinations.
  • Use longer passwords so as to create an exponentially higher number of permutations and combinations of the characters used, making them difficult to break.
  • Be cautious not to leave passwords lying around and don’t share them with friends.
  • Do not use your or your family’s name, age, address, city etc. as part of the passwords.
Smart Card
• A smart card is a pocket-sized card with embedded integrated circuits which can process data.
• With an embedded microcontroller, smart cards have the unique ability to store large amounts of data, carry out their own on-card functions (e.g. encryption and mutual authentication) and interact intelligently with a smart card reader. A smart card inserted into a smart card reader makes a direct connection to a conductive contact plate on the surface of the card (typically gold plated).
• Transmission of commands, data, and card status takes place over these physical contact points.
• The smart card is made of plastic, generally PVC. The card may embed a hologram. Using smart cards is a strong security authentication for single sign-on within large companies and organizations.
• Smart cards are used in secure identity applications like employee-ID badges, citizen-ID documents, electronic passports, driver licenses and online authentication devices.
Biometrics

• Biometrics is the science and technology of measuring and statistically analyzing biological data.
• In information technology, biometrics refers to technologies that measure and analyze human traits for authentication.
• This can include fingerprints, eye retinas and irises, voice patterns, facial patterns and hand measurements, for authentication purposes.
• Biometrics is still not widely used, though it may play a critical role in future computers. For example, many PCs nowadays include a fingerprint scanner where you can place your index finger. The computer analyzes the fingerprint to determine your identity and authenticate you.
• Biometric systems are relatively costly and are used in environments requiring high-level security.
Other security measures

• Intrusion Detection Systems—They complement firewalls to detect if internal assets are being hacked or exploited. A Network-based Intrusion Detection system monitors real-time network traffic for malicious activity and sends alarms for network traffic that meets certain attack patterns or signatures. A Host-based Intrusion Detection system monitors computer or server files for anomalies and sends alarms for network traffic that meets a predetermined attack signature.
• Virus Protection Software—It should be installed on all network servers, as well as on computers. It screens all software coming into your computer or network system (files, attachments, programs, etc.), preventing a virus from entering the system.
• Data and Information Backups—They are required for disaster recovery and business continuity. Backups should be taken daily and periodically (weekly) and should be kept for at least 30 days while rotating the stockpile.
Other security measures

• Secure Socket Layer (SSL) is an algorithm developed by Netscape Communications to provide application-independent security and privacy over the Internet. SSL is designed so that protocols such as HTTP, FTP, and Telnet can operate over it transparently. SSL allows both server authentication (mandatory) and client authentication (optional). It uses public-key cryptography (RSA algorithm). HTTP Secure (HTTPS) is an extension to HTTP to provide secure exchange of documents over the WWW.
• IP Security (IPsec) Protocol—The IPsec protocol suite is used to provide privacy and authentication services at the Internet layer. IPv4 is currently the dominant Internet Protocol version. IPv6 is the next-generation Internet Layer protocol for the Internet. IPv6 protocol stacks include IPsec, which allows authentication, encryption, and compression of IP traffic. IPsec can be used to protect any application traffic across the Internet. Applications need not be specifically designed to use IPsec, unlike SSL, where the use of SSL must be incorporated into the design of the application.
Security Awareness

• The aim of security awareness is to enhance the security of the organization’s resources by improving the awareness of the need to secure the system resources.
• Staff members play a critical role in protecting the integrity, confidentiality, and availability of IT systems and networks.
• It is necessary for an organization to train its staff in security awareness and accepted computer practices.
• Security of resources can be ensured when the people using them are aware of the need to secure their resources.
• Security awareness of staff includes the knowledge of the practices that must be adhered to for ensuring security, and of the possible consequences of not using those security practices.
Security Policy

• A security policy is a formal statement that embodies the organization’s overall security expectations, goals, and objectives with regard to the organization’s technology, systems and information.
• To be practical and implementable, policies must be defined by standards, guidelines, and procedures. Standards, guidelines, and procedures provide specific interpretation of policies and instruct users, customers, technicians, management, and others on how to implement the policies.
• The security policy states what is, and what is not, allowed. A security policy must be comprehensive, up-to-date, complete, delivered effectively, and available to all staff. A security policy must also be enforceable. To accomplish this, the security policy can mention that strict action will be taken against employees who violate it, for example by disclosing a password.
• Generally, security policies are included within a security plan. A security plan details how the rules put forward by the security policy will be implemented. The statements within a security plan can ensure that each employee knows the boundaries and the penalties for overstepping those boundaries. For example, some rules could be included in the security policy of an organization, such as to log off the system before leaving the workstation, or not to share the password with other users.
• The security policy also includes the physical security of the computers. Some of the measures taken to ensure the physical security of a computer are taking regular backups to prevent data loss from natural calamity, virus attack or theft, securing the backup media, and keeping valuable hardware resources (like servers) in a locked room to avoid theft of systems and storage media.
