Ch01 All

This document provides an overview of computer security, including definitions, key concepts such as the CIA triad (confidentiality, integrity, availability), and various security principles. It discusses the importance of user practices in security, the role of malicious software, and different forms of attacks like phishing and denial of service. Additionally, it covers security measures like intrusion detection systems and firewalls to protect information systems.

Uploaded by malooka967
Copyright: © All Rights Reserved

CHAPTER 1: PRELIMINARIES

Objectives
The learning objectives of this chapter are:
• Definition of computer security.
• Describe the triad security requirements of confidentiality, integrity and availability.
• Understand terminologies used in computer security.
• Describe the computer security principles.
• Describe the honeypot security network.

The Big Picture

https://ccis.no/cyber-security-versus-information-security/

ICT: Information and communications technology

1.1 INTRODUCTION OF COMPUTER SECURITY

• What is Computer Security?
• The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).

1.1 INTRODUCTION OF COMPUTER SECURITY

• The word “protection” relies on the “90/10” rule:
 • 10% of “protection” is technical.
 • 90% of “protection” relies on computer users (“YOU”) and on adhering to good practices.
1.2 COMPUTER SECURITY CONCEPTS

What is CIA?

CIA Triad

1.2 COMPUTER SECURITY CONCEPTS

1. Confidentiality:
• Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
• A loss of confidentiality is the unauthorized disclosure of information.

1.2 COMPUTER SECURITY CONCEPTS

Confidentiality examples:
• Individual files are locked and secured.
• Support workers do not tell other people what is in a client’s file unless they have permission from the client.
• Clients’ medical details are not discussed without their consent.
1.2 COMPUTER SECURITY CONCEPTS

2. Integrity:
• Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity.
• A loss of integrity is the unauthorized modification or destruction of information.

1.2 COMPUTER SECURITY CONCEPTS

Integrity examples:
• Protection from user errors.
• Protection from unauthorized modification of a database.
• Track record of any data modification.

(Cartoon caption on the slide: “I don’t know how my site keeps getting hacked. Everybody I give my password to says it’s very secure.”)

1.2 COMPUTER SECURITY CONCEPTS

3. Availability:
• Ensuring timely and reliable access to and use of information.
• A loss of availability is the disruption of access to or use of information or an information system.

1.2 COMPUTER SECURITY CONCEPTS

Availability example:
• The traffic fines e-payment system in the airport must be highly available.
1.2 COMPUTER SECURITY CONCEPTS

Some additional security concepts are needed to present the complete picture (FIPS, 2004) and (Shirey, 2003):

1. Authenticity: The property of being genuine and being able to be verified and trusted.
• Confidence in the validity of a transmission, a message, or a message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.

1.2 COMPUTER SECURITY CONCEPTS

Authenticity example:
• A legitimate user with a valid username and password can access an email system.

1.2 COMPUTER SECURITY CONCEPTS

2. Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. In other words, the obligation of an individual or organization to account for its activities and accept responsibility for them.
• This supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.

1.2 COMPUTER SECURITY CONCEPTS

Accountability examples:
• The policy statement that all employees must avoid installing outside software on company-owned information infrastructure.
• The person in charge of information security should perform periodic checks to be certain that the policy is being followed.

1.2 COMPUTER SECURITY CONCEPTS

3. Non-repudiation: The property whereby the signer (sender) cannot claim that he/she did not sign/send the message, since a signature produced with his/her private key is included in that document.
• It is the verification of the identities of individuals or companies who are participating in telecommunications sessions.
• There are two types:
 1. Non-repudiation of origin.
 2. Non-repudiation of receipt.

1.2 COMPUTER SECURITY CONCEPTS

Non-repudiation example:
Specific protocols have been designed to generate evidence for non-repudiation of origin (NRO) (for Bob) and non-repudiation of receipt (NRR) (for Alice).
1.2 COMPUTER SECURITY CONCEPTS

4. Adversary (threat agent): An entity that attacks, or is a threat to, a system.
• Example: A hacker can analyze and reverse engineer a mobile app's code, then modify it to perform some hidden functionality.

1.2 COMPUTER SECURITY CONCEPTS

5. Attack: An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.
• Examples:
 • Viruses (electronic/logical)
 • Damaging the system board (physical)

1.2 COMPUTER SECURITY CONCEPTS

6. Countermeasure: An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.
• Example: Backup (system/software/data)

1.2 COMPUTER SECURITY CONCEPTS

7. Vulnerability: A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy.
• Examples:
 • Non-updated Windows OS.
 • Heartbleed Bug.

1.2 COMPUTER SECURITY CONCEPTS

8. Threat: A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a probable danger that might exploit a vulnerability.
• Example: A hacker can exploit a non-updated Windows 10. [Microsoft Security Bulletin MS16-094 – Important – Security Update for Secure Boot (3177404)]

1.2 COMPUTER SECURITY CONCEPTS

9. System Resources (Assets): Any resources or things of value that are owned by an entity to produce cash/value.
Examples:
• Data contained in an information system.
• A service provided by a system.
• System capability (e.g., processing power or communication bandwidth).
• An item of system equipment (e.g., a system component: hardware, firmware, software, or documentation).
• A facility that houses system operations and equipment.

1.2 COMPUTER SECURITY CONCEPTS

10. Risk: An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.
• It can be defined as a function of assets, threats and vulnerabilities using the following formula:

1.2 COMPUTER SECURITY CONCEPTS

11. Security Policies: A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
• Examples:
 o Not allowing anyone to install software on the company’s PCs.
 o Don’t leave your password written on a sticky note on your desk.
1.3 COMPUTER SECURITY PRINCIPLES

1.3.1 CRYPTOGRAPHIC TOOLS

• They are sequences of processes, or rules, used to encipher and decipher messages in a cryptographic system.
• “Modern” cryptography consists of various cryptographic algorithms and tools.
• Example: Advanced Encryption Standard (AES)

1.3.2 AUTHENTICATION

• Authentication is the process of making sure of the identity of all parties.
• Example: If Ali uses his computer to send a message to Imad’s computer, Imad’s computer can ensure that Ali sent the message by using the authenticity property.

See Authenticity (Slide 13)

MORE ON AUTHENTICATION

• You can be authenticated on the basis of:
 • something you know, e.g. (password, ID number, … etc.)
 • something you hold, e.g. (keys, cards, … etc.)
 • who you are, e.g. (face, fingerprints, iris patterns, DNA, … etc.)
 • what you do, e.g. (handwriting, gait analysis, … etc.)
 • where you are, e.g. (based on your location - GPS)

1.3.3 ACCESS CONTROL

• Access control is a method or mechanism that controls who can access resources and what access should be granted to whom.
1.3.4 MALICIOUS SOFTWARE

• Malicious software (malware): unwanted software that is intended to harm a computer system.
• It can delete, modify or add unwanted software not approved by the user.
• Examples:
 – Trojans: Hide themselves within seemingly harmless programs or try to trick you into installing new software.

1.3.4 MALICIOUS SOFTWARE

• Examples continued:
 – Viruses: A virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes.
 – Worms: Stand-alone malicious programs that can self-replicate and propagate via computer networks, without human help.

1.3.4 MALICIOUS SOFTWARE

• Examples continued:
 – Spyware: A type of software used to infect devices in order to secretly obtain data without the user's permission.
  – The user’s data can be private information, Internet interactions, passwords, etc.
  – It can also affect the computer’s performance by installing additional software, redirecting web browser searches, changing computer settings, etc.
1.3.5 OTHER FORMS OF ATTACKS

• Phishing: an attempt by the attacker to acquire sensitive information such as credit card information, bank account information, a social security number or a username from the legitimate user by sending him/her an email or by calling him/her.

1.3.5 OTHER FORMS OF ATTACKS

• Pharming: Redirects users to fake websites in order to steal their account information.
• This is done by changing the DNS settings.

DNS file entry (as illustrated on the slide): 212.43.1.110 www.google.com
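As an added example, not code from the slides: a small Python check that parses hosts-file style DNS entries like the one above and flags any entry that statically pins a monitored public domain, the local-resolution form of the pharming technique just described. The monitored domain list and the sample file contents are constructed here; the 212.43.1.110 www.google.com line is the slide's own example.

```python
import ipaddress

# Assumed list of high-value public domains that should never be pinned in a
# local hosts file; a real deployment would maintain its own list.
MONITORED = {"www.google.com", "www.paypal.com", "login.microsoftonline.com"}

# Constructed sample hosts-file content. Line 3 is the slide's pharming entry.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
212.43.1.110    www.google.com   # planted by the attacker
10.0.0.5        intranet.example.local
not-an-ip       www.paypal.com
"""


def parse_hosts(text):
    """Return (line_number, ip_address, hostname) tuples, one per hostname."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line, skip it
        for name in fields[1:]:
            entries.append((lineno, addr, name.lower()))
    return entries


def find_pharming_entries(text, monitored=MONITORED):
    """Flag monitored domains pinned to any address, classifying the effect."""
    hits = []
    for lineno, addr, name in parse_hosts(text):
        if name not in monitored:
            continue
        # A loopback pin only blocks the site; any other address redirects it.
        effect = "sinkhole" if addr.is_loopback else "redirect"
        hits.append({"line": lineno, "host": name, "ip": str(addr), "effect": effect})
    return hits


if __name__ == "__main__":
    for hit in find_pharming_entries(SAMPLE_HOSTS):
        print(f"line {hit['line']}: {hit['host']} -> {hit['ip']} ({hit['effect']})")
```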
1.3.5 OTHER FORMS OF ATTACKS

• Pharming illustrated scenario: (figure on the slide)

1.3.5 OTHER FORMS OF ATTACKS

• Denial of service (DoS): an attack that prevents legitimate users from using the network resources by flooding the network with useless traffic.
• Example: ICMP Echo Request (ping) packets, generally sent as fast as possible without waiting for replies (bandwidth consumption).

1.3.5 OTHER FORMS OF ATTACKS

• ICMP (Ping) Flood scenario: (figure on the slide)
1.3.5 OTHER FORMS OF ATTACKS

• Logic bombs: A malicious piece of code intentionally added to a software system in addition to the software system’s functional purpose. It can also be a process or a task.
• Example:
 • DarkSeoul malware:
  • It affected several customers of the ISP LG U+ and caused their networks to fail.
  • It disables popular South Korean antimalware products.

1.3.5 OTHER FORMS OF ATTACKS

• Drive-by download attack: A malware delivery attack triggered when the user views and visits the website.

HOMEWORK

• Search the internet for a real malicious software example.
• Write a detailed report.
1.3.6 INTRUSION DETECTION PREVENTION (IDPS) SYSTEM

1. Intrusion Detection System (IDS) DESCRIPTION
IDS is the process of observing events happening in an information technology system or network and analyzing them for indications of attacks.
• Attacks can be specified as:
 • an attempt to conduct unauthorized behavior, or
 • an attempt to avoid the security techniques of a hardware system or network.

1.3.6 INTRUSION DETECTION PREVENTION (IDPS) SYSTEM

2. Intrusion Prevention System (IPS) DESCRIPTION
• It is the next generation of IDS.
• Consists of activities that deter an intrusion.
• Can detect an intrusion and also prevent that intrusion from becoming a successful attack.

1.3.6 INTRUSION DETECTION PREVENTION (IDPS) SYSTEM

• IDPS implementation advantages:
1. Prevents problem behaviors by increasing the risk of discovery and punishment for system cyber-attacks.
2. Identifies intruders and other security violations that are not prevented by other security measures.
3. Detects preambles to attacks (network probes and other tests for present vulnerabilities).
4. Quality control for security design and administration.
5. Provides helpful data regarding techniques applied in cyber-attacks.

1.3.6 INTRUSION DETECTION PREVENTION (IDPS) SYSTEM

• IDPS uses two major methods to analyze events to reveal intruders:
1. Signature-Based IDPS: This method recognizes events or sets of events that match a predefined model of events that describes a known attack.
2. Anomaly-Based IDPS: Anomaly detection assumes that all intrusive activities deviate from the norm.
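The two analysis methods above, applied to the ICMP flood described under Denial of Service, as an added Python example that is not code from the slides: the traffic summaries, the signature list and the baseline window are all constructed here, and the single path-traversal pattern stands in for the "predefined model" of a known attack. The anomaly detector learns the normal per-source ICMP rate from the baseline window and flags any (second, source) pair whose rate deviates from it.

```python
import re
import statistics
from collections import Counter

# Constructed sample traffic summaries: (second, source_ip, protocol, summary).
# BASELINE is a "normal" window used to learn what ordinary ICMP rates look like.
BASELINE = (
    [(s, "10.0.0.7", "tcp", "GET /index.html") for s in range(10)]
    + [(s, "10.0.0.8", "icmp", "echo request") for s in range(10)]
)
# OBSERVED is a later window containing one known-bad request and a ping flood
# (400 echo requests from one source within a single second).
OBSERVED = (
    [(s, "10.0.0.7", "tcp", "GET /index.html") for s in range(10)]
    + [(s, "10.0.0.8", "icmp", "echo request") for s in range(10)]
    + [(9, "10.0.0.7", "tcp", "GET /../../etc/passwd")]
    + [(9, "198.51.100.9", "icmp", "echo request")] * 400
)

# Signature-based: predefined patterns that describe known attacks (assumed set).
SIGNATURES = {"path-traversal": re.compile(r"\.\./")}


def signature_alerts(events):
    """Return (second, source, signature_name) for every event matching a signature."""
    return [(sec, src, name)
            for sec, src, _proto, summary in events
            for name, pat in SIGNATURES.items()
            if pat.search(summary)]


def icmp_rate(events):
    """Count ICMP echo requests per (second, source)."""
    return Counter((sec, src) for sec, src, proto, _s in events if proto == "icmp")


def anomaly_alerts(baseline, events, k=3.0):
    """Flag (second, source, count) whose ICMP rate exceeds mean + k*stddev of the baseline."""
    rates = list(icmp_rate(baseline).values())
    mean = statistics.mean(rates)
    spread = statistics.pstdev(rates) or 1.0     # flat baseline: use 1 pkt/s as the unit
    threshold = mean + k * spread
    return sorted((sec, src, n) for (sec, src), n in icmp_rate(events).items() if n > threshold)


if __name__ == "__main__":
    print("signature:", signature_alerts(OBSERVED))
    print("anomaly:  ", anomaly_alerts(BASELINE, OBSERVED))
```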
1.3.6 INTRUSION DETECTION PREVENTION (IDPS) SYSTEM

TECHNOLOGICAL SUPPORT
• Three popular types of IDPS products:
1. Network-Based IDPS: Reveals intruders by capturing and analyzing network packets.

1.3.6 INTRUSION DETECTION PREVENTION (IDPS) SYSTEM

2. Host-Based IDPS: Operates on data gathered from inside an individual hardware system.

1.3.6 INTRUSION DETECTION PREVENTION (IDPS) SYSTEM

3. Application-Based IDPS: A special subset of host-based IDPS that analyzes the events transpiring inside a software application.
• It detects suspicious behaviors in the interaction between users, data and the application.

1.3.7 FIREWALLS

• Firewalls: Devices or systems that control the flow of network traffic among networks or between a main computer and a network.
1.4 SECURITY SYSTEMS EXAMPLES

• The computer security risks are divided into three parts:
1. Internet and network security
2. Standalone computer security
3. Data loss by accident

(Figure on the slide: Assets at the centre, surrounded by Intentional Risks (Malicious Attackers), Natural Disaster Risks (Fires) and Unintentional Risks (Employee errors).)

1.4 SECURITY SYSTEMS EXAMPLES

• The steps of accessing an account on a network are the following:
1. A legitimate user is accessing his/her account, e.g. (Yahoo mail).
2. The firewall examines the user’s packet, then it passes through (Authentication).
3. The access control server verifies the username and the password by comparing them with those previously saved in the administrator database.
4. The legitimate user is now authorized and can access his/her account.
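Step 3 above, the access control server checking a submitted username and password against its stored database, as an added Python example that is not from the slides. The database and the user "ali" are constructed here, and the example assumes the good practice of storing passwords as salted PBKDF2 hashes rather than in clear text, which the slide does not specify.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000          # PBKDF2 work factor (assumed value)


def make_record(password: str) -> dict:
    """Build the stored credential: a random salt plus the salted PBKDF2 hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


# Constructed "administrator database" (slide step 3); a real server loads this from storage.
USER_DB = {"ali": make_record("correct horse battery staple")}

# Dummy record so that unknown usernames cost the same time as real ones,
# which keeps the response time from revealing which accounts exist.
_DUMMY = make_record("dummy-placeholder")


def verify_login(username: str, password: str, db=USER_DB) -> bool:
    """Step 3: compare the submitted credentials with the stored record."""
    record = db.get(username, _DUMMY)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], ITERATIONS)
    # Constant-time comparison avoids leaking how many bytes matched.
    matches = hmac.compare_digest(candidate, record["hash"])
    return matches and username in db    # step 4 (authorized) only when both hold
```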
1.4 SECURITY SYSTEMS EXAMPLES

The steps of accessing an account on a network (figure on the slide)

1.4 SECURITY SYSTEMS EXAMPLES

• A honeypot is a faked network that contains a false database, unused IP addresses, encrypted files, etc., usually located between the firewall of a network and the real network itself. The purpose of a honeypot network is to lure the attackers into believing it is a legitimate system.
SUMMARY
• Have considered:
 • Definition of computer security.
 • Description of the triad security requirements of confidentiality, integrity and availability.
 • Understanding terminologies used in computer security.
 • Description of computer security principles.
 • Description of the honeypot security network.