S6 Computer Security Lesson2

classroom lesson

Uploaded by

huxhng
Copyright
© © All Rights Reserved
Computer Security

29th Sept 2023

Arris[n] Class Notes


Differences between active and passive attack
Active Attack | Passive Attack
Modification in information takes place. | No modification in the information takes place.
Is a danger to integrity as well as availability. | Is a danger to confidentiality.
Attention is on prevention. | Attention is on detection.
Victim gets informed about the attack. | Victim does not get informed about the attack.
System resources can be changed. | System resources are not changed.
Is tough to restrict from entering systems or networks. | Is easy to prohibit in comparison to active attack.
Can be easily detected. | Very difficult to detect.
The original information is modified. | Original information is unaffected.
The duration of an active attack is short. | The duration of a passive attack is long.
Types of attacks
1. Malware
Malware can be used for a range of objectives
from stealing information, to defacing or
altering web content, to damaging a
computing system permanently. Examples of
malware: virus, worms, Trojan horse, adware,
spyware, ransomware, rootkits, botnets.
Ransomware. This is malware that uses
encryption to deny access to resources (e.g.
user’s files), usually in an attempt to force the
victim to pay a ransom.
2. Denial-of-service (DoS) attacks
overwhelm the target system so it cannot
respond to legitimate requests.
3. Distributed denial-of-service (DDoS)
attacks are similar but involve multiple host
machines.
4. SQL Injection
SQL injection is a type of attack which is
specific to SQL databases. SQL databases use
SQL statements to query the data, and these
statements are typically executed via an
HTML form on a webpage.
5. Social engineering attack involves
impersonating a trusted person or entity,
and tricking individuals into granting an
attacker sensitive information,
transferring funds, or providing access to
systems or networks.
6. Phishing attacks occur when a
malicious attacker sends a message that
appears to be from a trusted and
legitimate source and obtains sensitive
information from a target.
7. MitM Attacks
Man-in-the-Middle (MitM) attacks are
breaches that allow attackers to intercept the
data transmitted between networks, computers
or users. The attacker can also modify messages
before sending them on to the intended recipient.
8. Zero-day Exploit
A zero-day exploit is where cyber-criminals learn
of a vulnerability that has been discovered in
certain widely-used software applications and
operating systems, and then target organizations
who are using that software in order to exploit
the vulnerability before a fix becomes available.
9. Cryptojacking
Cryptojacking is where cybercriminals
compromise a user’s computer or device and
use it to mine cryptocurrencies, such as Bitcoin.
10. Cross-site Scripting (XSS) Attacks
Cross-site scripting attacks are quite similar to
SQL injection attacks, although instead of
extracting data from a database, they are
typically used to infect other users who visit the
site.
11. Password Attack
A password attack, as you may have already
guessed, is a type of cyber-attack where an
attacker tries to guess, or “crack” a user’s
12. Eavesdropping Attacks
Sometimes referred to as “snooping” or
“sniffing”, an eavesdropping attack is where the
attacker looks for unsecured network
communications in an attempt to intercept and
access data that is being sent across the
network.
13. Insider Threats
Insider threats, which consist of current or
former employees, present a significant danger
to organizations due to their unrestricted access
to the company network, including sensitive
data and intellectual property.
Sources of virus and other attacks
1. Opening suspicious email attachments
2. Attaching unsecured removable or external
storage devices (e.g., flash drives, external hard
drives, memory cards)
3. Accessing malicious websites
4. Clicking malicious ads (adverts)
5. Downloading malicious and unlicensed
applications
6. Peer-to-peer file sharing
7. Installing cracked / pirated software
8. Bluetooth file transfers
9. Unpatched software
Threat protection / protection against
attacks
> Ensure that you have the latest and
greatest anti-malware/spam protection
software installed.
> Ensure that your staff is trained to identify
malicious emails and websites.
> Keep all software patched and up-to-date.
> Only use administrator accounts when
absolutely necessary.
> Ensure that HTML form input is validated.
> Monitor your network for malicious activity.
> Use end-to-end encryption
> Using a VPN (a virtual private network)
> Have a strong password policy, and use multi-factor
authentication where possible.
> Use salting. Extending the number of characters in
a password to make it complex
> Using firewall and intrusion detection systems (IDS)
> Always look for “HTTPS” at the beginning of each
URL
> Implement strong authentication and access
controls
> Carry out penetration tests to identify vulnerabilities
> Encryption
> Regular backup
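The SQL injection described in item 4 of the attack list, and the form input validation advice above, as an added example that is not part of the original lesson: a lookup that pastes form input into the SQL text, beside a parameterized version and an allow-list check. The table, sample rows, function names and the constructed input are assumptions made for illustration, using Python's built-in sqlite3 module.

```python
import re
import sqlite3

# Constructed form input containing quote characters (sample value for this example).
CONSTRUCTED_INPUT = "x' OR '1'='1"

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (name TEXT, grade TEXT)")
    db.executemany("INSERT INTO students VALUES (?, ?)",
                   [("Mulisa", "A"), ("Ndoli", "B"), ("Kamana", "C")])
    return db

def lookup_vulnerable(db, name):
    # Weak form: the form value becomes part of the SQL text, so quotes
    # typed by the user change the meaning of the statement.
    query = "SELECT name, grade FROM students WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # Corrected form: the SQL text is fixed and the value travels
    # separately, so it is only ever compared as data.
    query = "SELECT name, grade FROM students WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

def is_valid_name(name):
    # Allow-list validation: letters, spaces, apostrophes and hyphens only.
    # Apostrophes are legitimate in names, which is why validation
    # supports the parameterized query and does not replace it.
    return re.fullmatch(r"[A-Za-z][A-Za-z '\-]{0,49}", name) is not None

if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", lookup_vulnerable(db, CONSTRUCTED_INPUT))
    print("parameterized:", lookup_parameterized(db, CONSTRUCTED_INPUT))
    print("valid input? :", is_valid_name(CONSTRUCTED_INPUT))
```

The vulnerable lookup returns every row for the constructed input, while the parameterized lookup returns none because no student has that literal name.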
Review: cyber attacks
1. Social engineering attack
2. Phishing attacks
3. Man-in-the-Middle (MitM)
4. Zero-day Exploit
5. Cryptojacking
6. Password Attack
7. Eavesdropping Attacks
8. Insider Threats
Cyber crimes
Cybercrime refers to criminal conduct committed
with the aid of a computer or other electronic
equipment connected to the internet.
A cybercrime is also explained as a type of
crime that targets or uses a computer or a group
of computers under one network for the purpose
of harm.

Cybercrimes are committed using computers
and computer networks. They can target
individuals, business groups, or even
governments.
Types of cyber crimes
1. Identity theft and fraud
2. Cyberstalking. This kind of
cybercrime involves online harassment
3. Social Engineering. This involves
criminals making direct contact with you
usually by phone or email.
4. Online Scams. These are usually in
the form of ads or spam emails that
include promises of rewards or offers of
unrealistic amounts of money.
5. Sexting and pornography
6. Cyber bullying
7. Black hat hackers
8. Cyber terrorism
9. Blackmail
10. Unwanted content
11. Ransomware
12. Cyber sex trafficking
Damage caused by threats
a) To home users
- It can corrupt data files, system settings
and computer files
- Harvest user’s data and send it to
cybercriminals
- Hide from being detected by antivirus
- Recruit your computer in a botnet
- Performance degradation
b) Effects on corporate organizations
- Web defacements and Semantic Attacks are
used to propagate false information by changing
the web page content subtly.
- In Domain Name Server (DNS) Attacks, when
the user requests a particular website from the
DNS server, he/she is diverted to an unwanted
website because of a wrong Internet Protocol (IP)
address generated by the DNS server (DHCP).
- Distributed Denial of Service (DDoS) Attacks
involve a high volume of communications to the
targeted computers. It is the strategy that cyber
attackers use to slow down those targeted
computers.
Review question
With an example, explain how you
can protect a computer from
physical threats.
Review question
How can you protect a computer system
from logical threats?
Access controls in computer security
In computer security, access control includes
authentication and authorization.
a) Identification occurs when a user claims or
professes an identity. This can be accomplished
with a username, a process ID, a smart card, or
anything else that can uniquely identify a user.
b) Authentication means checking that the user is
who they claim to be by verifying that their
credentials (user IDs and passwords) match those
in a stored database.
c) Authorization is the process of giving someone
permission to do or have something in a multi-user
system.
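An added example, not part of the original lesson, tying the earlier "use salting" advice to the authentication check in (b): each password is stored as a random salt plus a slow hash, and a login attempt is verified by recomputing the hash with that user's salt. The in-memory store, the user IDs, the passwords and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example

def _derive(password, salt):
    # PBKDF2-HMAC-SHA256: deliberately slow, so guessing is expensive.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, ITERATIONS)

def register(store, user_id, password):
    # A fresh random salt per user means two users with the same
    # password still end up with different stored hashes.
    salt = os.urandom(16)
    store[user_id] = (salt, _derive(password, salt))

def authenticate(store, user_id, password):
    # Unknown users get a dummy salt and an empty hash, so the same
    # amount of work is done whether or not the user ID exists.
    salt, expected = store.get(user_id, (b"\x00" * 16, b""))
    candidate = _derive(password, salt)
    # Constant-time comparison of the computed and stored hashes.
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    store = {}  # stands in for the "stored database" of credentials
    register(store, "mulisa", "Kigali-2023!")   # constructed credentials
    register(store, "ndoli", "Kigali-2023!")    # same password, new salt
    print(store["mulisa"][1] != store["ndoli"][1])     # hashes differ
    print(authenticate(store, "mulisa", "Kigali-2023!"))
    print(authenticate(store, "mulisa", "wrong-guess"))
```

The store never holds the password itself, only the salt and the derived hash.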
Biometric authentication
This is a security process that relies on the unique
biological characteristics of an individual to verify
that he/she is who he/she says he/she is.
Types of biometric authentication technologies
1. Retina scans produce an image of the blood
vessel pattern in the eye.
2. Iris recognition is used to identify individuals
based on unique patterns within the ring-shaped
region surrounding the pupil of the eye.
3. Finger scanning is the digital version of the
ink-and-paper fingerprinting process.
4. Finger vein ID is based on the unique
vascular pattern in an individual’s finger.
5. Facial recognition systems work with
numeric codes called face prints.
6. Voice identification systems rely on
characteristics created by the shape of
the speaker’s mouth and throat.
7. Handwritten signature
8. Keystrokes – speed of typing
9. Heartbeat
Would you prefer to use biometric
authentication over a password? Give
reasons why.
Encryption and Decryption
Cryptography means “secret writing”, i.e. the
science and art of transforming messages to make
them secure and immune to attacks.
a) Encryption is the process of encoding a
message in such a way that only authorized parties
can read it. It converts plain text (clear text) to
cipher text.
b) Decryption is the process of taking encoded or
encrypted text or other data and converting it back
into text that you or the computer can read and
understand. It converts cipher text to plain text.
c) Cryptosystem: A combination of encryption
and decryption methods.
Quiz
Use three characters in an information exchange
scenario; we use computers called Mulisa, Ndoli,
and Kamana.
Mulisa is the person who needs to send secure
data.
Ndoli is the recipient of the data.
Kamana is the person who somehow disturbs the
communication between Mulisa and Ndoli by
intercepting messages to uncover the data or by
sending her own disguised messages.
a. In the scenario, identify to whom cleartext,
plaintext and ciphertext belong.
b. Differentiate ciphertext from plaintext.
Cyber Security Tasks
Study the following scenarios and
answer the question that follows.
Your supervisor is very busy and asks you
to log into the Human Resource Server
using her user-ID and password to
retrieve some reports. What should you
do?
a) It’s your boss, so it’s okay to do this.
b) Ignore the request and hope she
forgets.
c) Decline the request and remind your
supervisor that it is against User Control
policy.
the Help Desk:
Dear Gmail User,
Beginning next week, we will be deleting all
inactive email accounts in order to create space
for more users. You are required to send the
following information in order to continue using
your email account. If we do not receive this
information from you by the end of the week, your
email account will be closed.
*Name (first and last): *Email Login: *Password:
*Date of birth: *Alternate email:
Please contact the Webmail Team with any
questions. Thank you for your immediate
attention.
Scenario#3. A friend sends an
electronic Christmas greeting card (e-
card) to your work email. You need to
click on the attachment to see the card.
What should you do? Give a reason
to support your answer.
Scenario#4. One of the staff members in
ITS subscribes to a number of free IT
magazines. Among the questions she
was asked in order to activate her
subscriptions, one magazine asked for
her month of birth, a second asked for
her year of birth, and a third asked for
her mother's maiden name. Q: What do
you think might be going on here?
back where someone used their yahoo
account at a computer lab at school. She
made sure her yahoo account was no
longer open in the browser window
before leaving the lab. Someone came in
behind her and used the same browser
to re-access her account. They started
sending emails from it and caused all
sorts of mayhem.
Q: What do you think might be
going on here?
Scenario#6. In our computing labs and
departments, print billing is often tied to
the user's login. People login, they print,
they (or their department) get a bill.
Sometimes people call to complain about
bills for printing they never did only to
find out that the bills are, indeed,
correct.
Q: What do you think might be
going on here?
Next Lesson >>>>>

UNIT 2
LAN ARCHITECTURE, NETWORK
PROTOCOLS AND MODELS
Homework
Q1 (a) What do you understand by social
engineering technique? Give examples. (3 marks)
(b) By using example, explain access control in
authorization. (2 marks)
Qn2. How can the following threats/attacks be
prevented?
a) Insider Threats
b) Cross-site Scripting (XSS) Attacks
c) Cryptojacking
d) Zero-day Exploit
e) SQL Injection
f) DoS and DDoS Attacks
Homework continued ……………
Qn3. Differentiate between physical security and
logical security. Give examples of each. (2 marks)
Qn4. How to prevent cyber attacks? How to protect
computer systems from cyber attacks? (10 marks)
Qn5. What mechanisms can we use to prevent
phishing attacks? (3 marks)
Qn6. (a) List the causes of Physical threats. (3
marks)
(b) List the causes of logical threats. (3 marks)
Qn7. Compare and contrast worms and virus. (3
marks)
Qn8. To control access to systems data, what
authentication mechanisms can be used? (3 marks)
