Week 1 Introduction to Computer Security

Uploaded by david.kaje

Week 1: Introduction to Computer Security

1. Overview of Computer Security

Definition and Concept of Computer Security

• What is Computer Security?
o Computer security, also referred to as cybersecurity, is the protection of
computer systems and networks from threats such as unauthorized access, data
breaches, theft, or damage. It includes technologies, processes, and practices
that aim to protect the confidentiality, integrity, and availability of information
and resources.
o Cybersecurity vs Information Security: While these two terms are often used
interchangeably, they have subtle differences. Cybersecurity primarily focuses
on the protection of systems and networks, whereas information security is
concerned with the protection of data, whether in physical or digital form.

The Triad of Computer Security: CIA Model

• Confidentiality: This ensures that sensitive information is only accessible to
authorized individuals or systems. Confidentiality is commonly maintained through
encryption, access control mechanisms, and secure authentication protocols.
• Integrity: Integrity guarantees that data is not altered in an unauthorized manner.
Methods such as checksums, hash functions, and digital signatures are used to ensure
data integrity and prevent unauthorized modifications.
• Availability: Availability ensures that information and systems are accessible and
functional when required by authorized users. This aspect of security is focused on
protecting against threats such as Distributed Denial of Service (DDoS) attacks, system
crashes, or hardware failures.
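Added example, not part of these notes: the integrity mechanisms listed above differ in what they protect against. A plain SHA-256 checksum catches accidental corruption, but anyone who changes the data can recompute it; a keyed tag (HMAC-SHA256, standing in here for a signature) cannot be recomputed without the key. The message and key are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample message and constructed shared key (assumptions, not from the notes).
MESSAGE = b"transfer 100 to account 42"
SECRET_KEY = b"example-shared-secret"


def sha256_digest(data: bytes) -> str:
    """Unkeyed checksum: catches accidental corruption, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(data: bytes, key: bytes) -> str:
    """Keyed tag (HMAC-SHA256): only a holder of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(sha256_digest(data), expected)


def verify_hmac(data: bytes, key: bytes, expected: str) -> bool:
    # compare_digest avoids leaking the position of the first mismatch via timing
    return hmac.compare_digest(hmac_tag(data, key), expected)


def tamper_demo() -> tuple:
    """Both mechanisms notice a modified message when the stored checksum/tag is
    left as it was; only the keyed tag still holds when the modifier recomputes it."""
    tampered = b"transfer 900 to account 42"
    original_checksum = sha256_digest(MESSAGE)
    original_tag = hmac_tag(MESSAGE, SECRET_KEY)
    # 1. Message altered, stored checksum/tag unchanged: both detect the change.
    plain_detects = not verify_checksum(tampered, original_checksum)
    keyed_detects = not verify_hmac(tampered, SECRET_KEY, original_tag)
    # 2. Modifier also recomputes the value. The unkeyed checksum is recomputable
    #    by anyone; the tag cannot be recomputed without SECRET_KEY.
    plain_fooled = verify_checksum(tampered, sha256_digest(tampered))
    keyed_fooled = verify_hmac(tampered, SECRET_KEY, hmac_tag(tampered, b"guessed-key"))
    return plain_detects, keyed_detects, plain_fooled, keyed_fooled
```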

Importance of Computer Security

• Protecting Personal Privacy: With the rise of digital communication, social media,
and online transactions, securing personal data such as passwords, financial details, and
personal identifiers has become critical.
• Safeguarding Businesses and Organizations: Businesses rely heavily on data and
online services. A breach of customer data, intellectual property theft, or damage to
infrastructure can lead to loss of trust, financial damage, and legal consequences.
• Preventing Cybercrimes: Cybercrimes such as identity theft, cyberbullying, hacking,
and data theft are becoming more sophisticated. Computer security provides the
mechanisms to defend against these crimes.
• Critical Infrastructure Protection: Governments, financial institutions, healthcare
organizations, and power grids all rely on secure computing systems to operate.
Cyberattacks on critical infrastructure can have dire consequences, including national
security risks.

2. Operating System Vulnerabilities

What are Operating System Vulnerabilities?

• Operating system vulnerabilities refer to flaws, weaknesses, or bugs in the operating
system that can be exploited by attackers to compromise the security of the system.
These vulnerabilities can lead to unauthorized access, privilege escalation, or even full
control of the system by attackers.

Types of Operating System Vulnerabilities

• Buffer Overflow Vulnerability:
o A buffer overflow occurs when a program writes more data to a buffer (a
temporary data storage area) than it can hold. The excess data can overwrite
adjacent memory, potentially allowing attackers to execute arbitrary code and
take control of the system.
o Real-World Example: The infamous Morris Worm exploited buffer overflow
vulnerabilities in Unix-based systems in 1988.
• Privilege Escalation:
o Privilege escalation allows an attacker to gain higher levels of access within the
system than they are authorized to have. This could involve moving from a
standard user account to an administrator or root account.
o Horizontal Escalation: Accessing other users' accounts with similar privileges.
o Vertical Escalation: Gaining higher privileges, such as moving from a regular
user account to system administrator or root.
• Unpatched Software Vulnerabilities:
o Unpatched software refers to software that has known security flaws but hasn't
been updated or patched to fix them. Attackers exploit these vulnerabilities to
compromise systems.
o Example: The WannaCry ransomware attack in 2017 exploited a Windows
vulnerability that Microsoft had already patched. Organizations that failed to
install the patch were vulnerable to this attack.
• Insecure Default Configurations:
o Many operating systems, especially older versions, come with insecure default
settings, such as weak or empty passwords, open ports, or unnecessary services
enabled. These misconfigurations can be exploited by attackers.
• Race Condition Vulnerability:
o A race condition occurs when two or more processes try to access shared
resources simultaneously, causing unpredictable behavior. If exploited,
attackers can manipulate the race condition to gain unauthorized access to the
system.

Mitigating Operating System Vulnerabilities

• Patch Management: Regular updates and patches from the operating system vendor
are crucial for addressing vulnerabilities and securing systems.
• Security Configurations: Administrators should configure systems securely by
disabling unused services, using strong passwords, and restricting access controls.
• Access Control Mechanisms: Implementing proper user authentication, authorization,
and account management policies can prevent unauthorized users from gaining access
to sensitive system areas.
• Intrusion Detection Systems (IDS): IDS tools can monitor system activities for signs
of suspicious behavior or exploits and alert system administrators to potential threats.
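Added example, not from these notes: a small detection routine of the kind an IDS runs, applied to constructed sshd-style authentication log lines. The log format, hostname, year and IP addresses are assumed for illustration. It flags a source address with five failed logins inside one minute and escalates if a successful login from that address follows the burst.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the style of a Linux auth log (not real data).
SAMPLE_LOG = """\
Jan 10 08:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
Jan 10 08:00:03 host sshd[1202]: Failed password for root from 203.0.113.5 port 51002 ssh2
Jan 10 08:00:04 host sshd[1203]: Failed password for root from 203.0.113.5 port 51003 ssh2
Jan 10 08:00:06 host sshd[1204]: Failed password for root from 203.0.113.5 port 51004 ssh2
Jan 10 08:00:07 host sshd[1205]: Failed password for root from 203.0.113.5 port 51005 ssh2
Jan 10 08:00:09 host sshd[1206]: Accepted password for root from 203.0.113.5 port 51006 ssh2
Jan 10 08:15:00 host sshd[1300]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Jan 10 08:16:00 host sshd[1301]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (Failed|Accepted) \w+ for "
    r"(?:invalid user )?(\S+) from (\S+) port"
)


def parse(log: str) -> list:
    """Turn matching lines into (timestamp, outcome, user, source_ip) tuples."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines we do not understand are skipped, not guessed at
        ts = datetime.strptime("2024 " + m.group(1), "%Y %b %d %H:%M:%S")  # year assumed
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def detect_bruteforce(log: str, threshold: int = 5, window_seconds: int = 60) -> list:
    """Alert once when a source reaches `threshold` failures within the window,
    and again if a later success from that source follows such a burst."""
    failures = defaultdict(list)
    alerts = []
    for ts, outcome, user, ip in parse(log):
        if outcome == "Failed":
            recent = [t for t in failures[ip] if (ts - t).total_seconds() <= window_seconds]
            recent.append(ts)
            failures[ip] = recent
            if len(recent) == threshold:
                alerts.append(("brute_force", ip))
        elif outcome == "Accepted" and len(failures[ip]) >= threshold:
            alerts.append(("success_after_bruteforce", ip, user))
    return alerts
```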

3. Application Security: Web, Email, and Database Security

Web Security

• Overview of Web Security: Web applications are one of the most common attack
vectors for hackers. They allow users to interact with a system over the internet, making
them prone to several types of attacks.
• Common Web Application Vulnerabilities:
o SQL Injection: This occurs when an attacker manipulates a web application's
input fields to execute malicious SQL commands, potentially gaining
unauthorized access to databases. SQL injection can lead to data theft, data
corruption, and unauthorized administrative access.
o Cross-Site Scripting (XSS): XSS attacks involve injecting malicious scripts
into a web page that are executed by the victim's browser. The attacker can steal
cookies, session tokens, or execute malicious actions on behalf of users.
o Cross-Site Request Forgery (CSRF): This attack tricks a user into executing
an unwanted action on a website where they are authenticated, such as changing
their account details or making financial transactions.
• Best Practices for Web Security:
o Input Validation: Ensure that all user inputs (e.g., forms, URLs) are validated
and sanitized to prevent malicious code from being executed.
o Prepared Statements for Database Queries: Use prepared statements in SQL
queries to avoid SQL injection vulnerabilities.
o Secure Authentication: Implement multi-factor authentication (MFA) and
secure password storage mechanisms (e.g., hashing) to protect user accounts.
o HTTPS: Enforce HTTPS to ensure that data exchanged between the user's
browser and the web server is encrypted and secure.
o Regular Security Audits: Conduct regular security audits and vulnerability
assessments of the web application to identify potential weaknesses.
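Added example, not from these notes, covering two of the practices above: a lookup built by string concatenation beside the same lookup as a prepared statement, and salted PBKDF2 password hashing with a constant-time check. The SQLite in-memory table, the accounts, the iteration count and the test input are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 600_000  # iteration count assumed for this example; tune to your hardware


def hash_password(password: str, salt: bytes = b"") -> str:
    """Salted, deliberately slow hash for storage; the plaintext is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(digest.hex(), digest_hex)  # constant-time comparison


def make_db() -> sqlite3.Connection:
    """In-memory table with constructed sample accounts (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", hash_password("correct horse")),
                      ("bob", hash_password("battery staple"))])
    return conn


def usernames_vulnerable(conn, username: str) -> list:
    """String concatenation: the input becomes part of the SQL text itself."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def usernames_prepared(conn, username: str) -> list:
    """Prepared statement: the value is bound as data and cannot alter the query."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def login(conn, username: str, password: str) -> bool:
    """Parameterised lookup followed by a hash check; unknown users simply fail."""
    row = conn.execute("SELECT password_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row is not None and verify_password(password, row[0])
```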

Email Security

• Overview of Email Security: Email remains one of the most common communication
channels and is a primary vector for cyberattacks. Phishing and malware are frequently
spread via email, making it essential to protect against these threats.
• Common Email Security Threats:
o Phishing Attacks: Phishing is when attackers impersonate legitimate entities
(such as banks or service providers) in emails to trick users into divulging
sensitive information, such as usernames, passwords, and credit card numbers.
o Malware via Email: Malware can be delivered via email attachments or
embedded links. Clicking on malicious links or downloading infected
attachments can lead to malware infections, ransomware attacks, and system
compromise.
o Business Email Compromise (BEC): BEC involves cybercriminals
impersonating executives or employees to authorize fraudulent transactions or
steal company data.
• Best Practices for Email Security:
o Email Filtering: Use spam filters to block unsolicited emails and potential
phishing attempts.
o User Awareness Training: Educate employees and users on how to recognize
phishing emails, suspicious attachments, and malicious links.
o Email Encryption: Encrypt sensitive emails to ensure that their contents are
not intercepted during transmission.
o Authentication Mechanisms: Implement DMARC, SPF, and DKIM to ensure
that emails sent from your domain are legitimate and not forged.
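Added example, not from these notes: a minimal evaluator for the SPF part of the authentication mechanisms named above. It handles only ip4/ip6 mechanisms and the all terminator (include, a and mx need DNS lookups and are rejected here), and DKIM/DMARC are not covered. The record and the sending addresses are constructed for illustration rather than looked up in DNS.

```python
import ipaddress

# Constructed example record for a hypothetical domain (assumption, not a DNS lookup).
EXAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record: str, sender_ip: str) -> str:
    """Return 'pass', 'fail', 'softfail', 'neutral' or 'none' for the sending IP.

    Mechanisms are tested left to right; the first match decides the result
    with its qualifier ('+' is the default). A record with no match and no
    'all' yields 'neutral', as in RFC 7208. Mechanisms needing DNS lookups
    (include, a, mx, exists, redirect) are not implemented and raise."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech = term.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            network = ipaddress.ip_network(term[4:], strict=False)
            if ip in network:  # False when address families differ
                return QUALIFIERS[qualifier]
            continue
        raise ValueError(f"unsupported SPF mechanism in this example: {term}")
    return "neutral"
```

A real receiver also checks DKIM signatures and the sender's DMARC policy before deciding what to do with a failing message.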

Database Security

• Overview of Database Security: Databases store sensitive information, such as user
credentials, financial data, and business records. Ensuring their security is vital for
protecting this data.
• Common Database Security Vulnerabilities:
o Weak Authentication: Poor or missing authentication mechanisms allow
unauthorized users to access and manipulate database contents.
o SQL Injection Attacks: As with web security, SQL injection can also be used
to attack databases directly, causing unauthorized access or data manipulation.
o Data Insertion or Exfiltration: Attackers may exploit weaknesses in database
access controls to insert malicious data or steal sensitive information.
• Best Practices for Database Security:
o Encryption: Encrypt sensitive data both in transit (using SSL/TLS) and at rest
(using AES or similar encryption standards).
o Access Control: Use role-based access control (RBAC) to restrict who can
access and modify database records.
o Regular Backups: Regularly back up database data to prevent loss in the event
of an attack or system failure.

4. Common Security Threats

Viruses

• Definition: A virus is a type of malware that attaches itself to a legitimate program or
file and spreads to other programs or systems. It can damage or alter files, steal
information, or cause system malfunctions.
• Real-World Examples:
o ILOVEYOU Virus (2000): A computer worm that spread via email and caused
billions of dollars in damage.
o Conficker Worm (2008): A computer worm that spread through vulnerabilities
in Windows and created a botnet.
• Mitigation:
o Use antivirus and anti-malware software.
o Keep systems updated with the latest patches.
o Avoid opening unknown email attachments or clicking on suspicious links.

Malware

• Overview of Malware: Malware is any software designed to harm, exploit, or
otherwise compromise the integrity of a system. It includes viruses, worms, trojans,
ransomware, and spyware.
• Types of Malware:
o Ransomware: Malware that encrypts the victim's files and demands a ransom
to restore access.
o Spyware: Software that secretly monitors the user's activities, often stealing
sensitive information like login credentials.
o Trojan Horses: Malicious software disguised as legitimate programs that, once
executed, allow attackers to gain control of the system.
• Mitigation:
o Keep antivirus software up-to-date.
o Regularly scan for malware infections.
o Use firewalls and endpoint protection to monitor and block suspicious activities.

Conclusion

The first week of learning computer security provides essential insights into the fundamental
concepts, including the protection of operating systems, applications, databases, and common
security threats like viruses and malware. Understanding these basics is critical to defending
against the growing complexity and scale of cybersecurity threats in today's digital landscape.
In future weeks, we will dive deeper into practical techniques for securing systems, responding
to incidents, and exploring advanced security methodologies.
