COMPUTER SECURITY

NYAMU OGAKHAN

IDENTIFY SECURITY THREATS IN AN ORGANIZATION

Assets: things we want to protect

(data,systems,service etc)
Threats:Events that can happen to
assets( eg loss of confidentiality)
Attacks:Attempt to realize threats
Vulnerabilities: Weakness of the systems
which make attacks possible
Risk:A measure of the likelihood of
occurance of an attack
Impacts:A measure of how serious an
attack would be

Computer security defined

Analysing RISK and IMPACT of
THREATS
Protecting ASSETS against
ATTACKS
Overcoming VULNERABILITIES
Mitigating RISKS
Reducing impacts of ATTACKS

 Any illegal act involving a computer

generally is referred to as a
computer crime.
The term cybercrime refers to
online or Internet-based illegal acts.
Software used by cybercriminals
sometimes is called crimeware
Perpetrators of cybercrime and other
intrusions fall into seven basic
categories: hacker, cracker, script
kiddie, corporate spy, unethical
employee, cyberextortionist, and

 Hacker:refers to someone who accesses a

computer or network illegally.
Gains unauthorized access to the system/resource

A cracker also is someone who accesses a

computer or network illegally but has the intent
of
destroying data, stealing information, or other
malicious action.
Software cracking: modification of s/w-remove or
disable features
The most common way crackers gain access to
networks or systems is through social engineering,
whereby the cracker contacts employees at a
company and tricks them into divulging passwords
and other information that allows a cracker to gain
access.

 A script kiddie has the same intent

as a cracker but does not have the
technical skills and knowledge
A person who uses existing scripts,
code, or other tools illicitly to gain
entry to a computer system or
network, without understanding the
way the tools function or the way the
system or network is designed

 Industrial/economic/corporate
espionage
Espionage-practice of spying
Therefore industrial espionage is a form
of espionage conducted for commercial
purposes instead of purely national
security
the stealing of technological or
commercial research data, blueprints,
plans, etc., as by a person in the hire of
a competing company.

 A cyberextortionist is an individual
or group who uses email as an
offensive force.
The group or individual usually sends a
company a threatening email stating
that they have received confidential
information about their company and
will exploit a security leak or launch an
attack that will harm the company's
network. The message sent through the
email usually demands money in
exchange for the prevention of the
attack.

 A cyberterrorist is someone who uses

the Internet or network to destroy or
damage computers for political reasons.
The cyberterrorist might target the nations
air traffic control system, electricitygenerating com panies, or a
telecommunications infrastructure.

The term, cyberwarfare, describes an

attack whose goal ranges from disabling
a governments computer network to
crippling a country

Security Goals
Assets are accessed
only by authorized people
Confidentiality

Integrity AvailabilityAssets are accessible to

authorized people

Assets can be modified

only by authorized people

Confidentiality
Confidentiality is the term used to prevent
the disclosure of information to
unauthorized individuals or systems.
For example, a credit card transaction on the
Internet requires the credit card number to be
transmitted from the buyer to the merchant
and from the merchant to a transaction
processing network. The system attempts to
enforce confidentiality by encrypting the card
number during transmission, by limiting the
places where it might appear

Breaches of confidentiality take many forms.

Permitting someone to look over your shoulder
at your computer screen while you have
confidential data displayed on it could be a
breach of confidentiality.
If a laptop computer containing sensitive
information about a company's employees is
stolen or sold, it could result in a breach of
confidentiality.
Giving out confidential information over the
telephone is a breach of confidentiality
if the caller is not authorized to have the
information.

Integrity
In information security, integrity means that data
cannot be modified without authorization.
Integrity is violated when an employee
accidentally or with malicious intent deletes
important data files,
when a computer virus infects a computer,
when an employee is able to modify his own
salary in a payroll database,
when an unauthorized user vandalizes a web
site, when someone is able to cast a very large
number of votes in an online poll, and so on.

Availability
For any information system to serve
its purpose, the information must be
available when it is needed.
This means that the computing systems
used to store and process the
information, the security controls used
to protect it, and the communication
channels used to access it must be
functioning correctly.

Availability
Equipment is stolen or
Hardware disabled, thus denying
service.

Software

Confidentiality

Integrity

An unencrypted CDROM or DVD is stolen.

Programs are deleted,

An unauthorized copy
denying access to users. of software is made.

An unauthorized read
of data is performed.
Files are deleted,
Data
An analysis of
denying access to users.
statistical data reveals
underlying data.
Messages are destroyed
Communication or deleted.
Messages are read. The
Lines and Communication lines
traffic pattern of
Networks or networks are
messages is observed.
rendered unavailable.

A working program is
modified, either to
cause it to fail during
execution or to cause it
to do some unintended
task.
Existing files are
modified or new files
are fabricated.
Messages are modified,
delayed, reordered, or
duplicated. False
messages are
fabricated.

 The more common computer security

risks include
Internet and network attacks,
unauthorized access and use,
hardware theft,
software theft,
information theft,
and system failure .

INTERNET AND NETWORK ATTACKS

Internet and network attacks that jeopardize
security include
computer viruses,
worms,
Trojan horses, a
rootkits;
botnets;
denial of service attacks;
back doors;
spoofing.

 A computer virus is a potentially

damaging computer program that
affects, or infects, a computer
negatively by altering the way the
computer works without the users
knowledge or permission
Attaches itself to a program/file to
spread
It must me executed to run
It infects another programs

worm
The main difference between a virus
and a worm is that a worm does not
need a host document. In other
words, a worm does not need to
attach itself to another program. In
that sense, a worm is self-contained

 A worm is a program that copies

itself repeatedly, for example in
memory or on a network, using up
resources and possibly shutting down
the computer or network.
It has a capability to travel without
human interaction via a
network/emails
It replicates(makes an exact copy)consumes to much memory and
network bandwidth causing network
servers,PC stop working
It runs in the background of the

 A Trojan horse is a program that

hides within or looks like a legitimate
program.
A certain condition or action usually
triggers the Trojan horse.
Unlike a virus or worm, a Trojan horse
does not replicate itself to other
computers

 https://www.dropbox.com/s/opp0szao
kijypyq/Screenshot%202015-0430%2007.26.17.png?dl=0

 A rootkit is a program that hides in a computer

and allows someone from a remote location to
take full control of the computer. Once the
rootkit is installed, the rootkit author can
execute programs, change settings, monitor
activity, and access files on the remote
computer

A rootkit modifies the operating system

to hide its existence
E.g.,
-modifies file system exploration utilities
-Hard to detect using software that relies
on the OS itself

 Computer viruses, worms, Trojan

horses, and rootkits are classified as
malware (short for malicious
software
Malware: all software whose
purpose is malicious(intending to
harm) in nature

A computer infected by a virus, worm, Trojan horse, or rootkit

often has one or more of the following symptoms :

Operating system runs much slower than usual

Available memory is less than expected
Files become corrupted
Screen displays unusual message or image
Music or unusual sound plays randomly
Existing programs and files disappear
Programs or files do not work properly
Unknown programs or files mysteriously appear
System properties change
Operating system does not start up
Operating system shuts down unexpectedly

Safeguards against Computer Viruses and Other Malware

Never start a computer with removable media

inserted in the drives or plugged in the ports, unless
the media are uninfected.
Never open an e-mail attachment unless you are
expecting it and it is from a trusted source.
Set the macro security in programs so that you can
enable or disable macros. Enable macros only if the
document is from a trusted source and you are
expecting it.
Install an antivirus program on all of your
computers. Update the software and the virus
signature files regularly.

 Scan all downloaded programs for viruses and

other malware.
If the antivirus program flags an e-mail
attachment as infected, delete or quarantine the
attachment immediately.
Before using any removable media, scan the
media for malware. Follow this procedure even
for shrink-wrapped software from major
developers. Some commercial software has been
infected and distributed to unsuspecting users.
Install a personal firewall program.
Stay informed about new virus alerts and virus
hoaxes.

 A botnet is a group of compromised

computers connected to a network
such as the Internet that are used as
part of a network that attacks other
networks, usually for nefarious
purposes
Bot: malware that allows an attacker
to take control over an infected
computer

 Bots sneaks onto a PC in many ways:

They spread themselves across the
internet by searching for vulnerable,
unprotected PC to infect
When they find exposed PC they
quickly infect the machine and report
back to their masters
Their goal is then to stay hidden until
they are instructed to carryout an
automated tasks

Automated bot tasks

Sending:spams,viruses,spyware
Stealing:personal information and
private data and communicate it
back to the master:credit card
numbers,bank credentials
Clickfarud:frauders use bots to boost
web adversing billings automatically
on the internet ads
DoS

Denial of Service Attacks

A denial of service attack, or DoS
attack, is an assault whose purpose is
to disrupt computer access to an
Internet service such as the Web or email.
Flooding the targeted resource with
external communication request.
Makes the machine/resource
unavailable to its intended user

Perpetrators carry out a DoS attack in a

variety of ways.For example,
they may use an unsuspecting computer to
send an influx of confusing data messages
or useless traffic to a computer network.
The victim computer network slows down
considerably and eventually becomes
unresponsive or unavailable, blocking
legitimate visitors from accessing the
network
Effects-bandwidth ,disk space, processor
times.

Back Doors
A back door is a program or set of
instructions in a program that allow
users to bypass security controls
when accessing a program,
computer, or network.
A back door is a means of access
to a computer program that
bypasses security mechanisms.

 Spoofing
Spoofing is a technique intruders use to make
their network or Internet transmission appear
legitimate to a victim computer or network.
Several types of spoofing schemes exist. One
type, called e-mail spoofing, occurs when the
senders address or other components of the
e-mail header are altered so that it appears
the e-mail originated from a different sender..
Another type, called IP spoofing, occurs when
an intruder computer fools a network into
believing its IP address is associated with a
trusted source.

Safeguards against Botnets, DoS/DDoS Attacks, Back Doors, and

Spoofing

Firewall
Intrusion dection systems
honeypots

 Firewalls
A firewall is hardware and/or software
that protects a networks resources
from intrusion by users on another
network such as the Internet .
It screens out hackers/viruses/worms
that try to enter
Controls the incoming and outgoing
traffic based on applied rule set

Intrusion Detection Software

Is a device/software application that monitors
the network/systems activities for malicious
activities or policy violations and produces a
report to the management stations
Intrusion detection software automatically
analyzes all network traffic
assesses system vulnerabilities,
identifies any unauthorized intrusions
and notifies network administrators of suspicious
behavior patterns or system breaches.

Honeypot
Is a trap set to detect ,counteract
attempts at unauthorized use of
information
It is used as early warning/surveillance
tool used to minimize risks

unauthorized access and

use
Unauthorized access is the use of a computer or network
without permission.
Unauthorized use is the use of a computer or its data for
unapproved or possibly illegal activities.
Unauthorized use includes a variety of activities:
an employee using an organizations computer to send
personal e-mail messages,
an employee using the organizations word processing
software to track his or her childs soccer league scores, or
someone gaining access to a bank computer and performing
an unauthorized transfer.
For the home user, most unauthorized use occurs on
computers that have always-on Internet connections, such as
through Internet cable or DSL

Safeguards against Unauthorized Access and Use

should have a written acceptable

use policy (AUP) that outlines the
computer activities for which the
computer and network may and may
not be used
should disable file and printer
sharing on your Internet connection
firewalls and
intrusion detection software

Identifying and Authenticating Users

An access control is a security

measure that defines who can access
a computer, when they can access it,
and what actions they can take while
accessing the computer. In addition,
the computer should maintain an
audit trail that records in a file both
successful and unsuccessful access
attempts

Three methods of identification and authentication

include
user names and passwords,(A CAPTCHA,
which stands for Completely Automated Public
Turing test to tell Computers and Humans Apart)
possessed objects(Examples of possessed
objects are badges, cards, smart cards, and
keys)
bio metric devices.( Examples of biometric
devices and systems include fingerprint
readers,hand geometry systems, face
recognition systems, voice verification systems,
signature verification systems, iris recognition
systems, and retinal scanners).


HARDWARE THEFT AND VANDALISM

Hardware theft is the act of

stealing computer equipment.
Hardware vandalism is the act of
defacing or destroying computer
equipment


Safeguards against Hardware Theft and Vandalism

Physical access control

Technical control
Adminstrative control

Software Theft
Another computer security risk is
software theft. Software theft occurs
when someone (1) steals software
media,
(2) intentionally erases programs,
(3) illegally copies a program, or
(4) illegally registers and/or activates
a program.

Safeguards against Software Theft

To protect software media from being
stolen, owners should keep original
software boxes and media in a secure
location, out of sight of prying eyes.
All computer users should back up their
files and disks regularly, in the event of
theft.
When some companies terminate a
programmer or if the programmer quits,
they escort the employee off the premises
immediately

 To protect themselves from software

piracy, software manufacturers issue
users licenseagreements.
A license agreement is the right to
use the software. That is, you do not
own the software. The license
agreement provides specific
conditions for use of the software,
which a user must accept before
using the software

 The most common type of license

included with software purchased by
individual users
is a single-user license agreement,
also called an end-user license
agreement(EULA).

A single-user license agreement typically includes many of the

following conditions that specify a users responsibility upon
acceptance of the agreement.
Users are permitted to:
Install the software on only one computer. (Some license
agreements allow users to install the software on one desktop
computer and one notebook computer.)
Make one copy of the software as a backup.
Give or sell the software to another individual, but only if the
software is removed from the users computer first.

Users are not permitted to:

Install the software on a network, such as a school computer lab.
Give copies to friends and colleagues, while continuing to use the
software.
Export the software.
Rent or lease the software.

information theft

Information theft occurs when

someone steals personal or
confidential information. If stolen, the
loss of information can cause as
much damage as (if not more than)
hardware or software theft.

Safeguards against Information Theft

Encryption
Encryption is a process of converting readable data into
unreadable characters to prevent unauthorized access.
You treat encrypted data just like any other data. That is,
you can store it or send it in an e-mail message.
To read the data, the recipient must decrypt, or
decipher, it into a readable form.
In the encryption process, the unencrypted, readable
data is called plaintext. The encrypted (scrambled) data
is called ciphertext.
An encryption algorithm, or cypher, is a set of steps
that can convert readable plaintext into unreadable
ciphertext.

 Check notice

Benefits of encription

Identity theft protection

Unauthorized access protection
Compliance with data protection act
Safe decommissioning of computers
Peace of mind

System Failure
A system failure is the prolonged malfunction
of a computer. System failure also can cause
loss of hardware, software, data, or information.
A variety of causes can lead to system failure.
These include aging hardware; natural disasters
such as fires, floods, or hurricanes;
random events such as electrical power
problems; and even errors in computer
programs.

 Noise is any unwanted signal,

usually varying quickly, that is mixed
with the normal voltage entering the
computer
An undervoltage occurs when the
electrical supply drops. In North
America, a wall plug usually supplies
electricity at approximately 120 volts

 A brownout is a prolonged (more

than a minute) undervoltage
.A blackout is a complete power
failure.Undervoltages can cause data
loss but generally do not cause
equipment damage.

 An overvoltage, or power surge,

occurs when the incoming electrical
power increases, often defined as
more than five percent, above the
normal volts.

Safeguards against System Failure

A surge protector, also called a

surge suppressor
An uninterruptible power supply
(UPS)
Online and standbay UPS

 https://www.dropbox.com/s/q8qom7j
qiq0qrc8/Screenshot%202015-0430%2007.14.22.png?dl=0