Chapter 7
Definition
Security is about protecting things of value to an organization, in relation to the possible risks. This
includes material and intellectual assets; it includes the very assumptions that are the foundation of an
organization or human–computer system.
Anything that can cause a failure of those assumptions can result in loss, and must therefore be
considered a threat.
Computer hazards range from the destruction of the computer hardware, and hence loss of data, due
to natural disaster to the modification and theft of confidential information on the computer.
Generally, hazards to computers can be categorized into three major categories.
• Physical hazards
• Malicious programs
• Intruders
Protecting against these issues requires both pro-active (preventative) measures and damage control
after breaches. Our task is roughly as follows:
What resources are we trying to protect?
Secrets: Some sites have secrets they wish to protect. They might be government or trade secrets
or the solutions to a college exam.
Personnel data: In your country there are probably rules about what you must do to safeguard
sensitive personal information. This goes for any information about employees, patients, customers
or anyone else we deal with.
Malicious intruders. Note that people with malicious intent might come from inside or outside our
organization. It is wrong to think that the enemy is simply everyone outside of our domain. Too many
organizations think ‘inside/outside’ instead of dealing with proper access control. If one always
ensures that systems and data are protected on a need-to-know basis, then there is no reason to
discriminate between inside or outside of an organization.
Missed deadlines
Loss of reputation.
Who are the people trying to break in?
Sophisticated spies
Tourists, just poking around
Backup and Recovery
Backup is copying your files to another storage device. This can be through a tape backup, a
secondary computer, or a cloud-hosted backup solution. Backup protects your data in case of theft (from a
single laptop to office break-ins), employee accidents (deletion of an important file), or technical
issues (a crashed hard drive). With this protection, you can access a copy of your data and restore it
easily.
Backup and recovery refers to the various strategies and procedures involved in protecting your
database against data loss and reconstructing the database after any kind of data loss.
A backup is a copy of data from your database that can be used to reconstruct that data. This copy
includes important parts of your database such as the control file and data files. A backup is a safeguard
against unexpected data loss and application errors; should you lose your original data, you can use the
backup to make it available again.
Recovery
Recovery (i.e. data recovery) is another method of data protection used today. But instead of preventing
data loss, recovery software deals with salvaging data that is already lost for reasons such as
physical damage in storage devices, errors in the logical file structure of the operating system and
accidental deletion of files.
Backup and recovery systems are used for the protection and retention of data. Backup is used to keep
copies of data for data protection purposes, while recovery is used for salvaging data that is already
lost. In other words, backup can be considered a precautionary method (making and keeping copies of
data in case they get lost), while recovery is a cure for already lost data. Even so, precaution is
always better than cure.
Operating System Security
An operating system (OS) is system software that manages computer hardware and software
resources and provides common services for computer programs. Application programs usually
require an operating system to function, so the OS provides a suitable environment for different
application software to run well. The OS is considered the boss of the whole computer system.
Microsoft Windows,
Mac OS and
Linux
Computer Security refers to providing a protection system to computer system resources such as
CPU, memory, disk, software programs and most importantly data/information stored in the computer
system. If a computer program is run by an unauthorized user, then he/she may cause severe damage to the
computer or the data stored in it. So a computer system must be protected against unauthorized access,
malicious access to system memory, viruses, worms etc.
Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and
availability.
OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms,
malware or remote hacker intrusions. OS security encompasses all preventive-control techniques,
which safeguard any computer assets capable of being stolen, edited or deleted if OS security is
compromised.
Antivirus
Viruses and worms can replicate and duplicate themselves on a computer system. They are highly dangerous
and can modify/delete user files and crash systems.
A virus is generally a small piece of code embedded in a program. As the user accesses the program, the virus starts
getting embedded in other files/programs and can make the system unusable for the user.
A computer virus can range in size and purpose, but typically viruses are small bits of code which are hidden in
or attached to other files. The word virus is often a broad term which is used to refer to things such as
worms, spyware, adware, malware, trojan horses and rogue software, but all these things are actually
different and fall into a class of their own.
What is Anti-Virus
Anti-virus software is a program or set of programs that are designed to prevent, search for, detect,
and remove software viruses, and other malicious software like worms, Trojans, adware, and more.
Antivirus software, sometimes known as anti-malware software, is computer software used to prevent,
detect and remove malicious software.
The problems and damage that are caused by an infection can be extremely varied.
The infection may be as simple as a prank that will cause strange noises, pop-ups and other
annoying instances to occur on your system.
They may delete files and slow down your system or they could even damage your hardware or
possibly destroy your entire computer system. Once on your system an infection will spread by
attaching to other programs and files within your system.
Viruses will often not just replicate within your system but also attempt to spread to other systems
outside of the locally infected one by methods such as taking control of your email and sending out
copies of themselves to those in your contacts list.
There are several ways that your system may become infected. The most common way a virus is
spread is through infected attachments to email. These attachments may come in the form of pictures,
videos, sound clips or just about any other type of file that can be attached to an email. Infections can
also be spread through internet downloads. These could be completely legitimate files or links which
have been altered unknowingly to include a virus or they can come from illegal software downloaded
via peer-to-peer programs or other services.
Here are some signs that may indicate that your system may have been infected.
• Random files and icons appearing on your desktop or other places when you did not install such
things.
• Files and icons which were on your system before have disappeared without you having
uninstalled or moved them.
• A high number of unusual error messages occurring.
• Applications are no longer accessible with passwords when you have not changed the
password.
• Programs which worked properly before run slowly or do not run at all.
• Your system becomes extremely slow or constantly freezes.
• Your system crashes and reboots every few minutes or simply will no longer boot at all.
Security Tools
Security tools is a general phrase used to describe any software that provides security for a computer or network.
There are many types of security software, including:
1. Antivirus software
2. Software patches and updates
3. Spam blockers
4. Pop-up blockers
5. Encryption software
6. Firewall software
7. Spyware removal software
Additionally, many operating systems also come preloaded with security software and tools. The two
most common types of security software used for personal computer security are antivirus software
(virus protection software) and antispyware software (spyware removal software).
Anti-virus software can be used as both a preventative tool and as a reactive tool. It prevents
infection and detects, and removes, viruses, worms and Trojan horses. Anti-virus software should be
installed on all computers connected to the network.
OS (operating system, such as Linux, Windows, etc.) and application vendors continuously provide
updates and security patches that can correct known vulnerabilities in the software. In addition,
vendors often release collections of patches and updates called service packs.
Fortunately, many operating systems offer an automatic update feature that allows OS and
application updates to be automatically downloaded and installed on a host.
Anti-Spam/spam-blocker
Spam is not only annoying; it can overload email servers and potentially carry viruses and other
security threats. Anti-spam software protects hosts by identifying spam and performing an action,
such as placing it into a junk folder or deleting it. It can be loaded on a machine locally, but can also
be loaded on email servers.
In addition to using spam blockers, other preventative actions to prevent the spread of spam include:
• Identify sources of spam and report it to a network administrator so it can be blocked.
• Report incidents to the governmental agency that deals with abuse by spam.
One of the most common types of spam forwarded is a virus warning. While some virus warnings sent
via email are true, a large number of them are hoaxes (tricks) and do not really exist. This type of spam
can create problems because people warn others of the impending disaster and so flood the email
system.
In addition, network administrators may overreact and waste time investigating a problem that does
not exist. Finally, many of these emails can actually contribute to the spread of viruses, worms and
Trojan horses. Before forwarding virus warning emails, check to see if the virus is a hoax at a trusted
source such as:
Pop-up Blockers
Pop-up stopper software can be installed to prevent pop-ups and pop-unders. Many web browsers
include a pop-up blocker feature by default.
• Note that some programs and web pages create necessary and desirable pop-ups.
Encryption software
Encryption software is software that can encrypt and decrypt data, often in the form of files on a hard drive or packets sent
over a network. Encryption software uses an encryption scheme that encodes computer data so that it
cannot be recovered without the correct key. Software encryption is a fundamental part of modern
computer communications and file protection.
The purpose of encryption is to prevent third parties from recovering any of the original data, or even
any information about the data, from the encrypted data. This is particularly important for sensitive
data like social security numbers.
Anti-Spyware / Spyware removal software
Spyware can also cause virus-like symptoms. In addition to collecting unauthorized information, it
can use important computer resources and affect performance. Anti-spyware software detects and
deletes spyware applications, as well as preventing future installations from occurring. Some anti-virus
packages include anti-spyware functionality.
Firewall
A firewall is a barrier between the Local Area Network (LAN) and the Internet. It allows keeping
private resources confidential and minimizes the security risks. It controls network traffic
in both directions.
Firewalls are software programs or hardware devices that filter the traffic that flows into your PC or
your network through an internet connection. They sift through the data flow & block that which they
deem (based on how & for what you have tuned the firewall) harmful to your network or computer
system.
When connected to the internet, even a standalone PC or a network of interconnected computers makes
an easy target for malicious software & unscrupulous hackers. A firewall can offer the security that
makes you less vulnerable and also protects your data from being compromised or your computers being
taken hostage.
How does it work?
Firewalls are set up at every connection to the Internet, therefore subjecting all data flow to careful
monitoring. Firewalls can also be tuned to follow "rules".
Rules will decide who can connect to the internet, what kind of connections can be made, and which or what kind of files
can be transmitted in or out.
Firewall Rules
Firewall rules can be customized as per your needs, requirements & security threat levels. You can
create or disable firewall filter rules based on such conditions as:
IP Addresses
Blocking off a certain IP address or a range of IP addresses, which you think are predatory.
Domain names
You can allow only certain specific domain names to access your systems/servers, or allow access to
only some specified types of domain names or domain name extensions like .edu or .mil.
Protocols
A firewall can decide which of the systems can allow or have access to common protocols like IP,
SMTP, FTP, UDP, ICMP, Telnet or SNMP.
Ports
Blocking or disabling ports of servers that are connected to the internet will help maintain the kind of
data flow you want to see it used for & also close down possible entry points for hackers or malignant
software.
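The rule conditions above, modelled as a small first-match rule evaluator (an added example, not part of the original notes and not any real firewall's configuration syntax). The `Rule` fields, the `decide` function and the sample addresses are constructed for illustration; domain-name conditions are left out so the example runs offline, and traffic that matches no rule is blocked by default.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    direction: str = "any"           # "in", "out" or "any"
    network: Optional[str] = None    # remote address or CIDR range; None = any
    protocol: Optional[str] = None   # "tcp", "udp", "icmp", ...; None = any
    port: Optional[int] = None       # destination port; None = any

    def matches(self, direction, remote_ip, protocol, port):
        """True only if every condition set on this rule matches the packet."""
        if self.direction not in ("any", direction):
            return False
        if self.network is not None and (
                ipaddress.ip_address(remote_ip)
                not in ipaddress.ip_network(self.network)):
            return False
        if self.protocol is not None and self.protocol != protocol:
            return False
        return self.port is None or self.port == port


def decide(rules, direction, remote_ip, protocol, port=None, default="block"):
    """First matching rule wins; traffic that matches nothing gets the default."""
    for rule in rules:
        if rule.matches(direction, remote_ip, protocol, port):
            return rule.action
    return default


# Constructed rule set; addresses come from the RFC 5737 documentation ranges.
RULES = [
    Rule("block", network="203.0.113.0/24"),            # distrusted range, both directions
    Rule("allow", "in", protocol="tcp", port=443),      # HTTPS service open to everyone
    Rule("allow", "in", network="198.51.100.10",
         protocol="tcp", port=22),                      # SSH from one admin host only
    Rule("block", "in", protocol="tcp", port=23),       # Telnet closed explicitly
    Rule("allow", "out", protocol="tcp", port=443),     # outbound web traffic
    Rule("allow", "out", protocol="udp", port=53),      # outbound DNS lookups
]
```

Order matters: the address block is listed first, so a host in 203.0.113.0/24 is refused even on port 443, which a later rule opens to everyone else.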
Types of Firewall
Firewalls can be classified as:
Software firewalls
New generation operating systems come with built-in firewalls, or you can buy firewall software for
the computer that accesses the internet or acts as the gateway to your home network.
Hardware firewalls
Hardware firewalls are usually routers with a built in Ethernet card and hub. Your computer or
computers on your network connect to this router & access the web.