
Lec 8 Security

Uploaded by 2100804800

COMPUTER SECURITY

LECTURE 8
COMPUTER SECURITY
■ Computer security also known as cyber security or IT security, is the
protection of computer systems from the theft or damage to their
hardware, software or information, as well as from disruption or
misdirection of the services they provide.
■ Security refers to providing a protection system for the computer
system resources such as CPU, memory, disk, software programs and,
most importantly, the data/information stored in the computer.
Some differences between traditional security and information security
■ Information can be stolen - but you still have it
■ Confidential information may be copied and sold - but the theft
might not be detected
■ The criminals may be on the other side of the world

To protect a system, we must take security measures at four levels

■ Physical. The site or sites containing the computer systems must be
physically secured against armed or surreptitious entry by intruders
■ Operating system. The system must protect itself from accidental
or purposeful security breaches.
■ Human. Authorization must be done carefully to assure that only
appropriate users have access to the system
■ Network. Much computer data in modern systems travels over
private leased lines, shared lines like the Internet, wireless
connections, or dial-up lines. Intercepting these data could be just as
harmful as breaking into a computer, and interruption of
communications could constitute a remote denial-of-service attack,
diminishing users' use of and trust in the system
Elements of computer security
■ Confidentiality. Only authorized users can access the data resources
and information.
■ Integrity. This is ensuring that the information is accurate, complete,
reliable, and is in its original form.
■ Availability. This is ensuring that the information is accessible to
authorized persons when required, without delay
■ Authenticity. This is the identification and assurance of the origin of
the information
■ Non repudiation. Non-repudiation is the prevention of either the
sender or the receiver denying a transmitted message. A system must
be able to prove that certain messages were sent and received
Attacks and threats

■ A vulnerability is a weakness in design, implementation, operation or
internal control.
■ A threat is an object, person, or other entity that represents a
constant danger to an asset.
■ Threats exploit vulnerabilities, resulting in potential damage and loss
of data. These threats can be imposed through different attack
mechanisms.

■ Malware
Malware is one of the more common ways to infiltrate or damage your
computer. It is malicious software that infects your computer, such as
computer viruses, worms, Trojan horses, spyware, and adware.
Threats

■ A threat in the context of computer security refers to anything that
can lead to loss or corruption of data or physical damage to the
computer.
■ The first step in protecting your computer is knowing how to identify
computer security threats.
■ Threats could be physical such as someone stealing a computer that
contains vital data, or non-physical such as virus attacks.
The most common types of non-physical threats include the following:
■ Virus
This is the most well-known kind of malware. A virus is a piece of code that
can reproduce itself by attaching a copy of itself to another program,
analogous to how biological viruses reproduce. The virus can do other things
in addition to reproducing itself. Unfortunately, it can also modify, destroy,
or steal files (by e-mailing them somewhere). Another thing a virus can do is
to render the computer unusable as long as the virus is running. This is
called a DoS (Denial of Service) attack.

■ Trojans
This is a program that apparently performs a valid function; perhaps it is a
game or a supposedly "improved" version of a useful utility. But when the
Trojan horse is executed some other function is performed, perhaps
launching a worm or virus or performing one of the nasty things that
malware does. The effects of a Trojan horse are likely to be subtle and
stealthy, unlike worms and viruses.
■ Worms
This is related to the virus. Whereas a virus is spread by attaching itself to
another program, and is executed when its host program is executed, a worm is
a free-standing program. Worms spread by using networks to transmit copies of
themselves to other computers
■ Spyware
is software that is secretly installed on a computer without the user’s consent. It
monitors user activity or interferes with user control over a personal computer
■ Logic bomb
A logic bomb is a program that misbehaves only when certain conditions
are met; otherwise it works as a genuine program. It is harder to detect.
■ Adware
is software which automatically plays, displays, or downloads advertisements to
a computer. The adware runs either after a software program has been installed
on a computer or while the application is being used. In some cases, adware is
accepted by users in exchange for using software free-of-charge. Not all adware
is innocuous, however. Some types of adware are also spyware and therefore a
threat to privacy.
■ Spam
Email spam is the electronic version of junk mail. It involves sending
unwanted messages to a large number of recipients. Spam is a serious
security concern as it can be used to deliver email that could contain
Trojan horses, viruses, worms and spyware.
ATTACKS

■ Definition: An attack refers to an attempt to obtain, destroy, remove,
implant or reveal information without authorized access or
permission.
■ A cyber-attack is an intentional exploitation of computer systems,
networks, and technology-dependent enterprises. These attacks use
malicious code to modify computer code, data, or logic
The most common types of attacks include the following:
■ Phishing Attacks
Phishing is a type of social engineering usually employed to steal user data such
as credit card numbers and login credentials. It happens when an attacker,
posing as a trusted individual, tricks the victim to open a text message, email, or
instant message.
■ Spear Phishing Attacks
Spear phishing is an email aimed at a particular individual or organization,
desiring unauthorized access to crucial information. These hacks are not
executed by random attackers but are most likely done by individuals out for
trade secrets, financial gain, or military intelligence
■ SQL Injection
SQL injection, also known as SQLI, is a kind of attack that employs malicious code
to manipulate backend databases to access information that was not intended for
display. This may include numerous items including private customer details, user
lists, or sensitive company data.
■ Social Engineering
Social engineering is the use of persuasion or deception to gain access to
information systems. The medium is usually a telephone or e-mail message. The
attacker usually pretends to be a director or manager in the company traveling
on business with a deadline to get some important data left on their network
drive.
■ Spoofing
is an attack in which a person or program masquerades as another. A common
tactic is to spoof a URL or website
■ Pharming
is an attack in which a hacker attempts to redirect a website's traffic to another,
bogus website. Pharming can be conducted either by changing the hosts file on
a victim’s computer or by exploitation of a vulnerability in DNS server software.
■ Denial of service attack
A denial of service attack (DoS attack) or distributed denial of service attack
(DDoS) is an attempt to make a computer resource unavailable to its intended
users.
■ Man in the middle attack (MitM)
A MitM attack occurs when a hacker inserts itself between the communications
of a client and a server.
An example of MitM is session hijacking.
During session hijacking, the attacker hijacks a session between the
trusted client and the server. The attacking computer substitutes its IP
address for that of the trusted client while the server continues the session
believing it is communicating with the client.
■ Eavesdropping attacks
These occur through the interception of network traffic. By eavesdropping an
attacker can obtain passwords, credit card numbers and other
confidential information that the user may be sending over the network.
Eavesdropping can be active or passive.
Active eavesdropping. A hacker actively grabs information by disguising
himself as a friendly unit and by sending queries to transmitters.
Passive eavesdropping. A hacker obtains the information by listening to
the messages in the transmission network.
Inside attacks

■ Inside attacks are malicious attacks performed on a computer system
or network by an individual authorized to access the system. Inside
attackers are more dangerous in that they have authorized system
access.
■ They may also understand the system policies and network
architecture. Furthermore, there is less security against insider attacks
since most organizations focus on defending against external attacks
SECURITY METHODS
Security methods refer to how computer resources are guarded
against unauthorised access, malicious destruction or alteration and
accidental introduction of inconsistency
1: Physical security

Here computer systems must be physically secured against armed or
surreptitious entry by intruders. Both the machine rooms and the terminals or
workstations that have access to the machines must be secured
How physical security can be achieved
■ Locking rooms for example a server room
■ Use of locking kits. Both servers and workstations should be protected
from intruders who can open the case and take the inner components like
the hard drive, and others so locking kits can be used.
■ Set up surveillance. Surveillance cams can monitor continuously, or they
can use motion detection technology to record only when someone is
moving about
■ Disable the drives. If you don't want people copying information to
removable media, you can disable or remove floppy drives, USB ports, and
other means of connecting external drives
2: Authentication
■ Authentication is the process of determining whether someone or
something is, in fact, who or what it is declared to be.
■ There are two main varieties of authentication algorithms; the first
step in understanding these algorithms is to explore hash functions.
■ A hash function creates a small fixed-sized block of data known as a
message digest or hash value from a message. These message
digests are useful for detecting changed messages but are not useful
as authenticators on their own. The first authentication algorithm uses
symmetric encryption.
■ The second main type of authentication algorithm is a digital-
signature algorithm and the authenticators produced are called digital
signatures.
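An added Python example (not from the lecture slides) showing the distinction drawn above: a plain SHA-256 digest detects an accidental change but anyone can recompute it, whereas a symmetric-key authenticator (here HMAC, a keyed hash) can only be produced by a holder of the shared key. The message and key are constructed demo values.

```python
import hashlib
import hmac

# Constructed sample message and shared key (not real values).
MESSAGE = b"transfer 100 to account 42"
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def digest(message: bytes) -> bytes:
    """Plain message digest: anyone can compute it, so it only detects change."""
    return hashlib.sha256(message).digest()


def authenticator(key: bytes, message: bytes) -> bytes:
    """Symmetric-key authenticator (HMAC): producing it requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def receiver_accepts_digest(message: bytes, tag: bytes) -> bool:
    """Receiver that only checks a digest shipped alongside the message."""
    return hmac.compare_digest(digest(message), tag)


def receiver_accepts_hmac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver that checks a keyed tag; constant-time compare avoids timing leaks."""
    return hmac.compare_digest(authenticator(key, message), tag)


def digest_detects_accidental_change() -> bool:
    # A corrupted byte in transit makes the digest mismatch: this is what digests are for.
    tag = digest(MESSAGE)
    return not receiver_accepts_digest(b"transfer 10O to account 42", tag)


def digest_does_not_authenticate() -> bool:
    # Whoever rewrites the message can recompute the digest as well,
    # so the receiver accepts the forged pair as if it were genuine.
    forged = b"transfer 900 to account 42"
    return receiver_accepts_digest(forged, digest(forged))


def hmac_rejects_forgery() -> bool:
    # Without SHARED_KEY the genuine tag cannot be reused on a modified
    # message, and a tag made with a guessed key does not verify either.
    genuine_tag = authenticator(SHARED_KEY, MESSAGE)
    forged = b"transfer 900 to account 42"
    guessed_tag = authenticator(b"guessed-key", forged)
    return (receiver_accepts_hmac(SHARED_KEY, MESSAGE, genuine_tag)
            and not receiver_accepts_hmac(SHARED_KEY, forged, genuine_tag)
            and not receiver_accepts_hmac(SHARED_KEY, forged, guessed_tag))
```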
3: Passwords
■ A password is a word or string of characters used for user
authentication, to prove identity or access approval in order to gain
access to a resource. It must be kept secret from those not allowed access
■ The most common approach to authenticating a user identity is the
use of passwords. When the user identifies herself by user ID or
account name, she is asked for a password. If the user-supplied
password matches the password stored in the system, the system
assumes that the account is being accessed by the owner of that
account
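An added Python example (not from the lecture) of the check described above, done the way a system should store passwords: the system keeps a random salt and a slow PBKDF2 hash rather than the password itself, recomputes the hash from the user's attempt and compares in constant time. The account table and the password value are constructed for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor; raise it as hardware gets faster
SALT_BYTES = 16


def create_record(password: str) -> dict:
    """Store a random salt and the slow hash of the password, never the password."""
    salt = os.urandom(SALT_BYTES)
    stored = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": stored, "iterations": ITERATIONS}


def check_password(record: dict, attempt: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


# Constructed account table (user ID -> stored record) with one demo account.
_DUMMY = create_record("dummy")  # used to equalise timing for unknown user IDs
USERS = {"alice": create_record("correct horse battery staple")}


def login(user_id: str, password: str) -> bool:
    """The user identifies herself by ID and supplies a password; access is
    granted only if it matches the stored (hashed) value for that account."""
    record = USERS.get(user_id)
    if record is None:
        # Do the same amount of work so a missing account is not revealed by timing.
        check_password(_DUMMY, password)
        return False
    return check_password(record, password)
```

Because each record gets its own salt, two accounts with the same password store different hashes, so a leaked table cannot be attacked with one precomputed list.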
4: Cryptography.
■ This is used to constrain the potential senders and receivers of a
message. Modern cryptography is based on secrets called keys that are
selectively distributed to computers in a network and used to
process messages.
■ It enables a recipient of message to verify that the message was
created by some computer possessing a certain key where the key is
the source of the message.
■ It provides a much more trustworthy means of constraining senders
and receivers of messages in that a sender can encode its message
so that only a computer with a certain key can decode the message,
so that the key becomes the destination
5: Encryption.
This is a process of encoding a message so that its meaning is not
obvious. In other words, information is encoded in such a way that only
authorized parties can access it.
Types of encryption
■ Symmetric cryptography
This is a form of encryption that uses a secret key, called the shared
secret, to scramble the data into unintelligible gibberish. The person on
the other end needs the same shared secret (key) and encryption algorithm
to unlock the data. Encryption is a kind of cryptography.
■ Asymmetric cryptography
This uses encryption that splits the key into two smaller keys. One
of the keys is made public and the other one is kept private. You can
encrypt a message with the recipient's public key. The recipient can then
decrypt it with their private key. And then they can do the same: they
encrypt with your public key and you decrypt with your private key.
In this case nobody needs access to your private key to send
you an encrypted message; they only need your public key, which is like a
phone number.
Benefits of encryption.
■ Encryption is used to protect data at rest, such as information stored in
computers and on storage devices, e.g. a flash disk.
■ Encryption can be also used to protect data in transit. For example
data being transferred via networks, mobile telephones. Data should
be protected in order to protect it from eavesdropping of network
traffic by unauthorized users.
■ Encryption removes stress from this situation as it ensures that data
being transferred remains secure regardless of the device on which
it’s stored
6: Firewall
■ A firewall is a computer, appliance, or router that sits between the
trusted and the untrusted.
■ A network firewall limits network access between the two security
domains and monitors and logs all connections
■ A personal firewall is a software layer either included with the
operating system or added as an application.
■ An application proxy firewall understands the protocols that
applications speak across the network. For example, SMTP is used for
mail transfer
Types of firewalls
Packet-Filtering Firewalls
■ As the most “basic” and oldest type of firewall architecture, packet-
filtering firewalls basically create a checkpoint at a traffic router or
switch. The firewall performs a simple check of the data packets
coming through the router—inspecting information such as the
destination and origination IP address, packet type, port number, and
other surface-level information without opening up the packet to
inspect its contents.
■ If the information packet doesn’t pass the inspection, it is dropped.
Types of firewalls
Circuit-Level Gateways
■ As another simplistic firewall type that is meant to quickly and easily
approve or deny traffic without consuming significant computing
resources, circuit-level gateways work by verifying the transmission
control protocol (TCP) handshake. This TCP handshake check is
designed to make sure that the session the packet is from is
legitimate.
■ While extremely resource-efficient, these firewalls do not check the
packet itself. So, if a packet held malware, but had the right TCP
handshake, it would pass right through. This is why circuit-level
gateways are not enough to protect your business by themselves.
Types of firewalls
Stateful Inspection Firewalls
■ These firewalls combine both packet inspection technology and TCP
handshake verification to create a level of protection greater than
either of the previous two architectures could provide alone.
■ However, these firewalls do put more of a strain on computing
resources as well. This may slow down the transfer of legitimate
packets compared to the other solutions.
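An added Python example (not from the lecture) contrasting the packet-filtering and stateful inspection designs described above. A stateless filter judges each packet by its header against a fixed rule table, so it has no way to recognise the reply to a connection an internal host opened; the stateful version remembers outbound TCP handshakes and admits the matching replies, while unknown inbound traffic still falls back to the rules. Addresses, ports and rules are constructed for the demo.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."  # constructed internal network


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # TCP SYN flag set
    ack: bool = False  # TCP ACK flag set


# Constructed rule table: (action, destination IP or "*", destination port or "*"),
# evaluated top to bottom, first match wins.
RULES = [
    ("allow", "*", 443),        # HTTPS to any host, either direction
    ("allow", "10.0.0.5", 80),  # HTTP only to the internal web server
    ("deny", "*", "*"),         # default deny
]


def packet_filter(pkt: Packet) -> str:
    """Stateless packet filter: looks only at header fields, one packet at a time."""
    for action, ip, port in RULES:
        if ip in ("*", pkt.dst_ip) and port in ("*", pkt.dst_port):
            return action
    return "deny"


class StatefulFirewall:
    """Tracks TCP handshakes started from the inside and admits their replies."""

    def __init__(self) -> None:
        self.connections = set()  # 4-tuples of sessions opened from inside

    def check(self, pkt: Packet) -> str:
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if pkt.src_ip.startswith(INSIDE_PREFIX) and pkt.syn and not pkt.ack:
            self.connections.add(flow)  # outbound SYN: remember the session
            return "allow"
        if flow in self.connections or reverse in self.connections:
            return "allow"  # packet belongs to a session we saw being opened
        return packet_filter(pkt)  # anything else: the static rules decide


def compare_firewalls() -> dict:
    """Run the same three packets through both designs: (stateless, stateful)."""
    fw = StatefulFirewall()
    outbound = Packet("10.0.0.7", 51000, "203.0.113.9", 443, syn=True)
    reply = Packet("203.0.113.9", 443, "10.0.0.7", 51000, syn=True, ack=True)
    probe = Packet("198.51.100.4", 40000, "10.0.0.5", 22, syn=True)
    return {
        "outbound": (packet_filter(outbound), fw.check(outbound)),
        "reply": (packet_filter(reply), fw.check(reply)),
        "probe": (packet_filter(probe), fw.check(probe)),
    }
```

The reply to the internal host's HTTPS request is dropped by the stateless filter (port 51000 matches no rule) but admitted by the stateful one, and the unsolicited probe to port 22 is denied by both.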
Types of firewalls
Proxy Firewalls (Application-Level Gateways)
■ Proxy firewalls operate at the application layer to filter incoming traffic
between your network and the traffic source—hence, the name
“application-level gateway.” Rather than letting traffic connect
directly, the proxy firewall first establishes a connection to the source
of the traffic and inspects the incoming data packet.
■ This check is similar to the stateful inspection firewall in that it looks
at both the packet and at the TCP handshake protocol. However, proxy
firewalls may also perform deep-layer packet inspections, checking
the actual contents of the information packet to verify that it contains
no malware.
7: backup
Backup refers to copying and archiving of computer data so that it may
be used to restore the original after a data loss event.
Types of backup
■ Full backups
The most basic and complete type of backup operation is a full backup.
As the name implies, this type of backup makes a copy of all data to
another set of media, which can be tape, disk or a DVD or CD. The
primary advantage to performing a full backup during every operation is
that a complete copy of all data is available with a single set of media.
Types of backup
■ Incremental backups
An incremental backup operation will result in copying only the data that
has changed since the last backup operation of any type. The modified
time stamp on files is typically used and compared to the time stamp of
the last backup. Backup applications track and record the date and time
that backup operations occur in order to track files modified since these
operations.
■ Differential backups
A differential backup operation is similar to an incremental the first time
it is performed, in that it will copy all data changed from the previous
backup. However, each time it is run afterwards, it will continue to copy
all data changed since the previous full backup.
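An added Python example (not from the lecture) that simulates the three backup types above over a constructed set of file modification times: a full backup copies everything, each incremental run copies only what changed since the previous run of any type, and each differential run copies everything changed since the last full backup. It also returns which media a restore needs under each strategy.

```python
from datetime import datetime

# Constructed file table: path -> last modification time.
FILES = {
    "docs/report.txt": datetime(2024, 1, 1, 9, 0),
    "docs/notes.txt": datetime(2024, 1, 2, 9, 0),
    "db/orders.bin": datetime(2024, 1, 3, 9, 0),
    "db/static.bin": datetime(2023, 12, 20, 9, 0),  # unchanged since before the full backup
}

# Constructed schedule: one full backup, then a run at noon on each of the next three days.
DEMO_FULL_AT = datetime(2023, 12, 31, 12, 0)
DEMO_DAILY_RUNS = [datetime(2024, 1, d, 12, 0) for d in (1, 2, 3)]


def changed_between(files: dict, since: datetime, until: datetime) -> list:
    """Files whose modification time is after `since` and no later than `until`."""
    return sorted(path for path, mtime in files.items() if since < mtime <= until)


def run_schedule(files: dict, full_at: datetime, daily_runs: list) -> dict:
    """Simulate one full backup followed by daily runs of each strategy.
    Returns, per strategy, the list of files each daily run copies."""
    copied = {"full": sorted(files), "incremental": [], "differential": []}
    last_any = full_at  # incremental compares with the last backup of ANY type
    for run_at in daily_runs:
        copied["incremental"].append(changed_between(files, last_any, run_at))
        # differential always compares with the last FULL backup, so it grows
        copied["differential"].append(changed_between(files, full_at, run_at))
        last_any = run_at
    return copied


def media_for_restore(strategy: str, runs_done: int) -> list:
    """Media needed to restore the state after daily run number `runs_done`:
    incremental needs the full set plus every incremental, differential
    needs the full set plus only the latest differential."""
    if strategy == "incremental":
        return ["full"] + [f"inc{i}" for i in range(1, runs_done + 1)]
    return ["full", f"diff{runs_done}"]


def demo() -> dict:
    """Run the constructed schedule against the constructed file table."""
    return run_schedule(FILES, DEMO_FULL_AT, DEMO_DAILY_RUNS)
```

The trade-off the slides describe shows up directly: the incremental runs stay small but a restore must replay all of them in order, while the differential runs grow each day but a restore needs only the newest one.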
Other security mechanisms
■ Access control: the selective restriction of access to a place or resource.
Granting that permission is called authorization
■ Antivirus software: Software that checks computer systems and drives
for the presence of computer malware and can eliminate the malware
from the infected area
■ Install real-time anti-spyware protection
■ Perform daily scans
■ Keep anti-malware applications current
■ Make users aware of the risks.
■ Avoid downloading from untrusted websites. While working
online you may find various files that seem to be useful to you,
but before you download them first scan them for malware
SECURITY DEFENCE METHODS
■ Security policy
Policies vary widely but generally include a statement of what is being
secured. Policy is a road map to security, and if a site is trying to move
from less secure to more secure, it needs a map to know how to get
there
■ Vulnerability assessment.
Executing a vulnerability assessment helps determine whether a security
policy has been correctly implemented
■ Intrusion Detection
Securing systems and facilities is intimately linked to intrusion detection.
Access Controls

■ The limitation and control of access through identification and
authentication.
■ A system needs to be able to identify and authenticate users for
access to data, applications and hardware.
■ In a large system there may be a complex structure determining
which users and applications have access to which objects.

THE END