Chapter One
Introduction to Computer Security
What is Security?
Security: “the quality or state of being free from danger” or
“measures taken to guard against espionage, sabotage, crime,
attack, or escape.”
Security is about
• Threat: any potential occurrence, malicious or
otherwise, that could harm an asset. In other words, a
threat is any bad thing that can happen to your assets.
• Vulnerability: a weakness that makes a threat
possible. This may be because of poor design,
configuration mistakes, or inappropriate and insecure
coding techniques.
• Attack: an action that exploits a vulnerability or
enacts a threat. Examples of attacks include sending
malicious input to an application or flooding a network
in an attempt to deny service.
Computer Security
Computer security is about provisions and policies adopted to
protect information and property from unauthorized access,
use, alteration, degradation, destruction, theft, corruption,
natural disaster, etc. while allowing the information and
property to remain accessible and productive to its intended use
Privacy: The right of the individual to be protected against
intrusion into his personal life or affairs, or those of his family
Physical Security
Computer Security: when there is connection to networks
(Network security) it deals with provisions and policies adopted to
prevent and monitor unauthorized access, misuse, modification, or
denial of the computer network and network-accessible resources
Physical Security
“The most secure computers are those not connected to the
Internet and shielded from any interference”
Threats, vulnerabilities, Controls
Vulnerability is a point where a system is susceptible to
attack.
Threat is a possible danger to the system.
It might be a person (cracker or a spy),
a thing (a faulty piece of equipment),
an event (a fire or a flood) that might exploit a vulnerability of
the system.
Countermeasures are techniques for protecting your
system.
Vulnerabilities
Physical vulnerabilities
break into your server room, device theft, steal backup
media and printouts,
Locks, guards, Surveillance cams, Burglar alarms
Natural vulnerabilities
vulnerable to natural disasters and to environmental
threats, power loss
Natural disasters: fire, flood, earthquakes, lightning
Environmental threats: dust, humidity, and uneven
temperature conditions
Air conditioning and heating systems, UPS, backups
Vulnerabilities…
Hardware and Software vulnerabilities
failure of protection features leads to open security
holes
some "locked" systems can be opened by introducing extra
hardware
Software failures: antivirus, firewall failures
Media vulnerabilities
can be stolen, damaged by dust or electromagnetic
fields.
keep backup tapes and removable disks clean and
dry
Vulnerabilities…
Communication vulnerabilities
Wires can be tapped, physically damaged, EMI
Fiber optics
Human vulnerabilities
the greatest vulnerability of all
Employees, contractors
Choose employees carefully
The Human Factor
The human factor is an important component of computer security
Some organizations view technical solutions as “their solutions”
for computer security. However:
Technology is fallible
E.g. UNIX holes that opened the door for the Morris worm
The technology may not be appropriate
E.g. It is difficult to define all the security requirements and
find a solution that satisfies those requirements
Technical solutions are usually (very) expensive
E.g. Antivirus purchased by ETC to protect its Internet
services
Threats
Threats fall into three main categories based on
the source: natural, unintentional, and
intentional.
Natural: fires, floods, power failures, and other
disasters
fire alarms, temperature gauges, and surge protectors
backing up critical data off-site.
Unintentional threats: delete a file, change of
security passwords
Training, security procedures and policies
Threats…
• Intentional threats: outsiders and insiders
• Outsiders may penetrate systems in a variety of ways:
• simple break-ins of buildings and computer rooms;
• disguised entry as maintenance personnel;
• anonymous, electronic entry through modems and
network connections;
• and bribery or coercion of inside personnel.
• Although most security mechanisms protect best
against outside intruders, surveys indicate that most
attacks are by insiders.
Threats…
• Estimates are that as many as 80 percent of
system penetrations are by fully authorized users
who abuse their access privileges to perform
unauthorized functions.
• “The enemy is already in, we hired them.”
• Insiders are sometimes referred to as living Trojan
horses
• There are a number of different types of insiders.
• fired or disgruntled employee might be trying to steal
revenge; employee might have been blackmailed or
bribed by foreign or corporate enemy agents.
Threats…
• greedy employee might use her inside knowledge to
divert corporate or customer funds for personal
benefit.
• insider might be an operator, a systems
programmer, or even a casual user who is willing to
share a password.
• Don't forget, one of the most dangerous insiders
may simply be lazy or untrained.
• He doesn't bother changing passwords,
• doesn't learn how to encrypt email messages and
other files,
• leaves sensitive printouts in piles on desks and
floors, and ignores the paper shredder when
disposing of documents.
Security Attacks
• Any action that compromises the security of
information owned by an organization.
• Classification of security attacks
• passive attacks and active attacks.
• A passive attack attempts to learn or make use of
information from the system but does not affect
system resources.
• An active attack attempts to alter system resources or
affect their operation.
Security attacks
[Figure: panels showing normal flow of information, interception, interruption, modification, and fabrication]
Countermeasures
Authentication
Physical security
Password, cards, biometrics
Laws
Encryption
Backups
Auditing
Standards
Administrative procedures
Basic Security Objectives (Pillars) - CIA
Confidentiality: This term covers two
related concepts:
Data confidentiality: Assures that
private or confidential information
or resources (resource and
configuration hiding) are not made
available or disclosed to
unauthorized individuals
Is compromised by reading and copying
In network communication, it means only sender and
intended receiver should “understand” message contents
Privacy: Assures that individuals control or influence what
information related to them may be collected and stored and
by whom and to whom that information may be disclosed
Integrity: This term covers two related concepts
Data integrity: Assures that information and programs are
changed only in a specified and authorized manner
In network communication, sender and receiver want to
ensure that the message is not altered (in transit or
afterwards) without detection
System integrity: Assures that a system performs its intended
function in an unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of the system
Is compromised by deleting, corrupting, and tampering with
Availability: Assures that systems work promptly and service is
not denied to authorized users
Authenticity: Some say it is a missing component of objectives in
CIA. It is the property of being genuine and being able to be
verified and trusted; confidence in the validity of a transmission, a
message, or message originator; or sender and receiver want to
confirm the identity of each other
1.1.2 Policy and Mechanism
A security policy is a statement of what is, and what is not,
allowed by users of a system
A security mechanism is a method, tool, or procedure for
enforcing a security policy
More on this in Chapter 5 - Security Mechanisms and
Techniques
1.1.3 Goals of Security
Given a security policy’s specification of “secure” and “nonsecure”
actions, security mechanisms can prevent (defend) the attack,
detect the attack, or recover from the attack
Prevention/Defence: take measures to prevent the damage; it
means that an attack will fail; e.g., passwords to prevent
unauthorised users or Intrusion Prevention Systems (IPSs)
Detection: if an attack cannot be prevented; when, how and
who of the attack have to be identified; e.g., when a user
enters a password three times; Intrusion Detection Systems
(IDSs)
Recovery/Reaction: take measures to recover from the
damage; e.g., restore deleted files from backup; sometimes
retaliation (attacking the attacker’s system or taking legal
actions to hold the attacker accountable)
The three strategies are usually used together
A fourth approach is deterrence; it involves active steps to beat off
attacks and to discourage attackers from even trying
Example 1: Protecting valuable items at home from a burglar
Prevention: locks on the door, guards, hidden places, etc.
Detection: burglar alarm, guards, Closed Circuit Television
(CCTV), etc.
Recovery: calling the police, replace the stolen item, etc.
Example 2: Preventing a fraudster from using our credit card in
an Internet purchase
Prevention: Encrypt when placing order, perform some check
before placing order, or don’t use credit card on the Internet
Detection: A transaction that you had not authorized appears
on your credit card statement
Recovery: Ask for new card, recover cost of the transaction
from insurance, the card issuer or the merchant
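The detection goal above ("when a user enters a password three times") combined with a prevention step, as an added example that is not part of the original slides. The event tuples, user names, and the five-minute window are assumptions made for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3        # threshold taken from the slide: three password attempts
WINDOW_SECONDS = 300    # assumption: the failures must fall within five minutes

# Constructed sample events: (unix_time, user, login_succeeded)
SAMPLE_EVENTS = [
    (1000, "abebe", False),
    (1010, "sara", False),
    (1020, "abebe", False),
    (1030, "sara", True),     # success resets sara's failure count
    (1040, "abebe", False),   # third failure inside the window
    (1050, "abebe", False),   # ignored: the account is already locked
    (5000, "sara", False),
]

def monitor(events, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
    """Return (alerts, locked): what was detected and which accounts were locked."""
    recent = defaultdict(deque)   # user -> timestamps of recent failed logins
    alerts, locked = [], set()
    for ts, user, success in events:
        if user in locked:
            continue                          # prevention: no further attempts accepted
        if success:
            recent[user].clear()              # a good login clears earlier failures
            continue
        failures = recent[user]
        failures.append(ts)
        while ts - failures[0] > window:      # drop failures older than the window
            failures.popleft()
        if len(failures) >= max_failures:
            alerts.append((ts, user, len(failures)))   # detection: when and who
            locked.add(user)
    return alerts, locked

if __name__ == "__main__":
    print(monitor(SAMPLE_EVENTS))
```

Recovery would be a separate administrative step, such as an identity check followed by a password reset, and is not modelled here.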
Software security assurance
• Software security is the idea of engineering software so that it
continues to function correctly under malicious attack.
• Software security is an idea implemented to protect software against
malicious attack and other hacker risks so that the software
continues to function correctly under such potential risks
• Any compromise to integrity, authentication and availability
makes software insecure.
• Software systems can be attacked to steal information, monitor
content, introduce vulnerabilities and damage the behaviour of
software.
• Malware can cause DoS (denial of service) or crash the system
itself.
Software Security Threats
Software defects with security ramifications including
• implementation bugs such as buffer overflows and
• design flaws such as inconsistent error handling.
Buffer overflow, stack overflow, command injection
and SQL injections are the most common attacks on
the software.
Buffer and stack overflow attacks overwrite the
contents of the heap or stack respectively by writing
extra bytes.
Software Security Threats
• Command injection is possible when the software code
relies heavily on system commands.
• New system commands are appended to existing commands
by the malicious attack.
• Sometimes a system command may stop services and cause
DoS.
• SQL injections use malicious SQL code to retrieve or modify
important information from database servers.
• SQL injections can be used to bypass login credentials.
• Sometimes SQL injections fetch important information from a
Software security assurance
• Malicious intruders can hack into systems by exploiting software
defects
• Software security includes:
• software design principles including the principles of
• least privilege,
• fail-safe stance, and
• defence-in-depth (These are also included in Computer Security)
• Internet-enabled software applications present the most common
security risk encountered today, with software’s ever-expanding
complexity and extensibility adding further fuel to the fire.