computer security (17514) vth sem cm ms. shreya b. pandey 1 g.h. raisoni polytechnic, nagpur


Upload: basil-little

Post on 26-Dec-2015


COMPUTER SECURITY (17514)

VTH SEM CM

MS. SHREYA B. PANDEY

G.H. RAISONI POLYTECHNIC, NAGPUR

CHAPTER 1 [22M] I. INTRODUCTION TO COMPUTER SECURITY AND SECURITY TRENDS

1.1 Definition of Computer Security, Need for security, Security basics: Confidentiality, Integrity, Availability, Non-repudiation, Example of security, Challenges for security, Model for security.

1.2 Risk and Threat Analysis: Assets, Vulnerability, Threats, Risks, Counter measures.

1.3 Threat to Security: Viruses and Worms, Intruders, Insiders, Criminal organizations, Terrorists, Information warfare, Avenues of attack, Steps in attack.

1.4 Security attacks: Active and Passive attacks, Denial of service, backdoors and trapdoors, sniffing, spoofing, man in the middle, replay, TCP/IP Hacking, encryption attacks.

1.5 Malware: Viruses, Logic bombs


Need for security (Lecture 1)

Security is needed because a computer application that handles financial and personal data must be protected from unauthorized access by third parties.

Examples of security mechanisms are as follows:

1) Provide a user ID and password to every user and use that information to authenticate the user.

2) Encode information stored in the database in some fashion so that it is not visible to users who do not have the right permission.

The need for computer security is threefold: confidentiality, integrity, and availability, the “CIA” of security.


1. Confidentiality: The principle of confidentiality specifies that only the sender and the intended recipients should be able to access the contents of a message.

Confidentiality is compromised if an unauthorized person is able to access the contents of a message. An example of compromising the confidentiality of a message is shown in the figure.

Here, the user of computer A sends a message to the user of computer B. Another user, C, gets access to this message, which is not desired and therefore defeats the purpose of confidentiality. This type of attack is also called interception.


2. Authentication: Authentication helps to establish proof of identities. The authentication process ensures that the origin of a message is correctly identified. For example, suppose that user C sends a message over the Internet to user B. However, the trouble is that user C posed as user A when sending the message to user B. How would user B know that the message has come from user C, who is posing as user A? This concept is shown in the figure below. This type of attack is called fabrication.


3. Integrity: When the contents of a message are changed after the sender sends it, but before it reaches the intended recipient, we say that the integrity of the message is lost. For example, here user C tampers with a message originally sent by user A, which is actually destined for user B. User C somehow manages to access it, change its contents and send the changed message to user B. User B has no way of knowing that the contents of the message were changed after user A had sent it. User A also does not know about this change. This type of attack is called modification.


Definition of Computer Security (Lecture 2)

Computer system security means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively.

Computer security is the protection of computers and the data that the computers hold.


Security basics

1. Confidentiality: The goal of confidentiality is to ensure that only those individuals who have the authority can view a piece of information.

2. Authentication: Authentication deals with the desire to ensure that an individual is who they claim to be. The need for this in an online transaction is obvious.

3. Integrity: Integrity is a related concept but deals with the generation and modification of data. Only authorized individuals should ever be able to create or change (or delete) information.

4. Nonrepudiation: Nonrepudiation deals with the ability to verify that a message has been sent and received and that the sender can be identified and verified. The requirement for this capability in online transactions should also be readily apparent.


Challenges for security

• E-commerce requirements
• Information security attacks
• Government sector and industry regulation
• Mobile workforce and wireless computing

These security challenges can be grouped into the following security fields:

Cryptography, security in small and medium enterprises, security & privacy in cloud internet, security matrix, foreign sectors.


Difference between Authentication and authorization

Authentication is any process by which a system verifies the identity of a User who wishes to access it. Since Access Control is normally based on the identity of the User who requests access to a resource, Authentication is essential to effective Security.

Authentication may be implemented using Credentials, each of which is composed of a User ID and Password. Alternately, Authentication may be implemented with Smart Cards, an Authentication Server or even a Public Key Infrastructure.

Authorization is the process of giving someone permission to do or have something. In multi-user computer systems, a system administrator defines for the system which users are allowed access to the system and what privileges of use (such as access to which file directories, hours of access, amount of allocated storage space, and so forth).
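The distinction above, as an added example that is not part of the original slides: authentication verifies a User ID and Password against a salted hash, and authorization then checks the privileges the slide lists (file directories, hours of access, storage space). The class and function names, the sample account and the PBKDF2 work factor are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import posixpath
from datetime import time

ROUNDS = 100_000  # assumption: PBKDF2 work factor picked for this example


def hash_password(password, salt):
    # Store a slow salted hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


class AccessSystem:
    def __init__(self):
        self._credentials = {}  # user id -> (salt, password hash)
        self._privileges = {}   # user id -> what the administrator allowed

    def add_user(self, user_id, password, directories, hours, quota_mb):
        salt = os.urandom(16)
        self._credentials[user_id] = (salt, hash_password(password, salt))
        self._privileges[user_id] = (tuple(directories), hours, quota_mb)

    def authenticate(self, user_id, password):
        """Authentication: verify the identity the user claims."""
        # Unknown users still cost one hash, so timing does not reveal valid IDs.
        salt, stored = self._credentials.get(user_id, (b"\x00" * 16, b""))
        return hmac.compare_digest(hash_password(password, salt), stored)

    def authorize(self, user_id, path, at, size_mb=0):
        """Authorization: check the privileges granted to a verified identity."""
        if user_id not in self._privileges:
            return False  # default deny
        directories, (start, end), quota_mb = self._privileges[user_id]
        path = posixpath.normpath(path)  # collapse "../" before comparing
        in_directory = any(path.startswith(d.rstrip("/") + "/") for d in directories)
        return in_directory and start <= at <= end and size_mb <= quota_mb

    def request(self, user_id, password, path, at, size_mb=0):
        # Identity is established first; privileges are only consulted afterwards.
        if not self.authenticate(user_id, password):
            return "denied: authentication failed"
        if not self.authorize(user_id, path, at, size_mb):
            return "denied: not authorized"
        return "granted"


def build_sample_system():
    # Constructed sample account and policy.
    system = AccessSystem()
    system.add_user("alice", "correct horse battery", ["/home/alice"],
                    (time(9, 0), time(18, 0)), quota_mb=100)
    return system
```

A correctly authenticated user is still refused outside the granted directories, hours or quota, which is the point of keeping the two checks separate.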

Model for security (Lecture 3)

A message is to be transferred from one party to another via the Internet.

The sender and receiver are the principals of the transaction and must cooperate for the exchange to take place.

An information channel is established by defining a route through the Internet from source to destination with the help of a communication protocol like TCP/IP.

Techniques for providing security have the following components:

• A security-related transformation on the information to be sent.
• The secret information shared by the two principals should be secret.
• A trusted party is required to achieve secure transmission.


The model shows four basic tasks:

1. Design an algorithm in such a way that an opponent cannot defeat its purpose. This algorithm is used for security related information.

2. Generate secret information that can be used with the algorithm.

3. Develop a method for distributing and sharing the secret information.

4. Specify a protocol which can be used by the two principals that makes use of the security algorithm and the secret information to achieve a security service.

OSI Layer for security model defines seven layers:

• Authentication
• Access control
• Non repudiation
• Data integrity
• Confidentiality
• Availability or Assurance
• Notarization or Signature


Assets (Lecture 4)

In computer security, an asset is any data, device or other component that supports information related security.

Assets can be hardware, software or confidential information. Identification of assets should be a relatively simple and regular exercise. E.g. servers, switches, support systems, etc.


Vulnerability

• In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance.

• Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.

• To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.

In any system, a vulnerability can be:

a) Accounts with system privileges where the default password has not been changed.

b) Programs with unnecessary privileges.

c) Programs with known faults.

d) Weak firewall configuration that allows access to vulnerable services, etc.

e) Weak access control settings on resources.

Risks

• Risk refers to the circumstances in which an organization’s information system is confronted with a threat and a vulnerability converging.

• We can also say that risk is some incident or attack that can cause damage to a system.

• An attack against a system is carried out as a sequence of actions exploiting weak points until the attack goal is accomplished.

Risk is calculated as follows:

RISK ASSETS VULNERABILITY THREATS


Risk analysis

Risk analysis is the identification and estimation of risks. Risk identification is the process whereby one identifies the sources of risk.

There are two fundamental types of risk analysis:

a) Quantitative Risk Analysis

b) Qualitative Risk Analysis

a) Quantitative Risk Analysis: A process of assigning a numeric value to the probability of loss based on known risks, on financial values of the assets and on probability of threats.

E.g. the cost of replacing an asset, the cost of lost productivity, or the cost of diminished brand reputation.
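A worked quantitative analysis, added here as an example and not taken from the original slides. It goes beyond the slide by using the standard terms single loss expectancy (SLE = asset value × exposure factor) and annualized loss expectancy (ALE = SLE × annual rate of occurrence); the register entries, names and all figures are constructed.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Risk:
    asset: str
    replacement_cost: float   # cost of replacing the asset
    productivity_cost: float  # cost of lost productivity
    reputation_cost: float    # cost of diminished brand reputation
    exposure_factor: float    # share of the asset value lost in one incident, 0..1
    annual_rate: float        # expected incidents per year (probability of the threat)

    def __post_init__(self):
        if not 0 <= self.exposure_factor <= 1:
            raise ValueError("exposure_factor must be between 0 and 1")
        if self.annual_rate < 0:
            raise ValueError("annual_rate cannot be negative")

    @property
    def asset_value(self):
        # Financial value of the asset: the three cost items named on the slide.
        return self.replacement_cost + self.productivity_cost + self.reputation_cost

    @property
    def sle(self):
        # Single loss expectancy: expected loss from one incident.
        return self.asset_value * self.exposure_factor

    @property
    def ale(self):
        # Annualized loss expectancy: expected loss per year.
        return self.sle * self.annual_rate


def rank_by_ale(register):
    """Order risks so the largest expected yearly loss is treated first."""
    return sorted(register, key=lambda r: r.ale, reverse=True)


def countermeasure_value(risk, annual_cost, **changes):
    """Loss avoided per year minus what the countermeasure costs per year.

    `changes` overrides exposure_factor and/or annual_rate with the values
    expected once the countermeasure is in place. A negative result means
    the countermeasure costs more than the loss it prevents.
    """
    return risk.ale - replace(risk, **changes).ale - annual_cost


# Constructed sample register (all figures are illustrative).
REGISTER = [
    Risk("file server", 30000, 10000, 0, exposure_factor=0.5, annual_rate=0.25),
    Risk("customer database", 20000, 30000, 150000, exposure_factor=0.25, annual_rate=0.5),
    Risk("staff laptop", 1500, 500, 0, exposure_factor=1.0, annual_rate=2.0),
]
```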


b) Qualitative Risk Analysis: It is a collaborative process of assigning relative values to assets, assessing their risk exposure, and estimating the cost of controlling the risk. In qualitative risk analysis:

Assets can be rated by criticality: very important, important, non-important, etc.

Vulnerabilities can be rated by how they are to be fixed: fixed soon, should be fixed, fix if suitable, etc.

Threats can be rated on a scale of likelihood: likely, unlikely, very likely, etc.


Threats (Lecture 5)

A threat is an action by an attacker who tries to exploit vulnerabilities to damage assets. Threats can be identified by the damage done to assets, such as:

●Spoofing the identities of users.

●Security settings may be changed, which gives the attacker more privileges.

●Information may be disclosed.

●A user may get more privileges on a system than he is entitled to.


Counter measures

A countermeasure is an action, process, device, or system that can prevent, or mitigate the effects of, threats to a computer, server or network. Countermeasures can take the form of software, hardware and modes of behavior. Software countermeasures include:

●Personal firewalls

●Application firewalls

●Anti-virus software

●Pop-up blockers

●Spyware detection/removal programs

Hardware countermeasures include:

►Biometric authentication systems.

►Physical restriction of access to computers and peripherals.

►Intrusion detectors

►Alarms

Behavioral countermeasures include:

►Frequent deletion of stored cookies and temporary files from web browsers.

►Regular scanning for viruses and other malware

►Regular installation of updates and patches for operating systems.

►Regular backing up data on external media.

►Staying away from questionable web sites.


Viruses (Lecture 6)

A virus is a program which attaches itself to another program and causes damage to the computer system or the network.

It is loaded onto your computer without your knowledge and runs against your wishes.

Viruses can replicate themselves. All computer viruses are man-made. Even a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt.


Types of viruses

Parasitic viruses: Attach themselves to executable code and replicate. Once a program is infected, the virus finds another program to infect.

Memory resident viruses: Live in memory after execution, become a part of the operating system or an application, and can manipulate any file that is executed, copied or moved.

Non-resident viruses: Execute and then terminate or destroy themselves after a specific time.

Boot sector viruses: Infect the boot sector and spread through a system when it is booted from a disk containing the virus.

Overwriting viruses: Overwrite the code with their own code.

Stealth viruses: Hide the modifications they have made in the file or boot record.


Macro viruses: These are not executable. They affect documents such as Microsoft Word files and can spread through email.

Polymorphic viruses: Produce fully operational copies of themselves, in an attempt to avoid signature detection.

Companion viruses: Create a program instead of modifying an existing file.

Email viruses: The virus gets executed when an email attachment is opened by the recipient. The virus sends itself to everyone on the mailing list of the sender.

Metamorphic viruses: Keep rewriting themselves every time; they may change their behavior as well as the appearance of their code.


Lifecycle of virus

1. Dormant phase: The virus is idle and is activated by some event.

2. Propagation phase: It places an identical copy of itself into other programs or into certain system areas on the disk.

3. Triggering phase: The virus is activated to perform the function for which it was intended.

4. Execution phase: The function of the virus is performed.

[Figure: virus lifecycle, from dormant phase to propagation phase (identical copies) to triggering phase to execution phase]

Virus Infected Code

Original code:
Add i to j
print
close
end

Infected code due to virus:
Add i to j
Virus job
Close
end

Virus code:
Delete all files
Send copy to all users
return


Worms (Lecture 7)

A worm is a small piece of software that uses computer networks and security holes to replicate itself.

A copy of the worm scans the network for another machine that has a specific security hole.

It copies itself to the new machine using the security hole and starts replicating from there.

Example: “CODE RED”


Difference between Virus and Worm

Virus | Worm
A virus is a piece of code that attaches itself to a legitimate program. | A worm is a malicious program that spreads automatically.
A virus modifies the code. | A worm does not modify the code.
A virus does not replicate itself. | A worm replicates itself.
A virus is destructive in nature. | A worm is non-destructive in nature.
The aim of a virus is to infect the code or programs stored on a computer system. | The aim of a worm is to make a computer or network unusable.
A virus can infect other files. | A worm does not infect other files, but it occupies memory space by replication.
A virus may need a trigger for execution. | A worm does not need any trigger.

Difference between Intruders and Insiders

Intruders | Insiders
Intruders are authorized or unauthorized users who are trying to access the system or network. | Insiders are authorized users who try to access a system or network for which they are unauthorized.
Intruders are hackers or crackers. | Insiders are not hackers.
Intruders are illegal users. | Insiders are legal users.
Intruders are less dangerous than insiders. | Insiders are more dangerous than intruders.
Intruders do not have access to the system. | Insiders have easy access to the system because they are authorized users.
Many security mechanisms are used to protect the system from intruders. | There is no such mechanism to protect the system from insiders.


Security attacks: Active and Passive attacks

Active Attacks: Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories:

a) Masquerade
b) Replay
c) Modification of messages
d) Denial of service

Passive Attacks: Passive attacks are in the nature of eavesdropping on or monitoring of transmissions. This attack is divided into the following categories:

a) Release of message content
b) Traffic analysis

Masquerade (Lecture 8)

Replay

Modification of Messages

Denial of Service

Release of Message Content

Traffic Analysis

Different Types Of Attacks

i. Denial-of-service attacks
ii. Backdoors and Trapdoors
iii. Sniffing
iv. Spoofing
v. Spoofing E-mail
vi. Man in the middle attacks
vii. Replay attacks
viii. TCP/IP Hijacking
ix. Attacks on Encryption
x. Malware or malicious code such as viruses


Denial-of-service attacks can exploit a known vulnerability in a specific application or operating system, or may attack features in specific protocols or services.

In this form of attack, the attacker tries to deny authorized users access either to specific information or to the computer system or network.

The purpose of such an attack is simply to prevent access to the target system, or the attack may be used in conjunction with other actions in order to gain unauthorized access to a system or network.

The SYN flooding attack is one example of this type. The following are types of DoS:

1. POD (ping-of-death)

2. DDOS (Distributed Denial of Service attack)


Backdoors and Trapdoors (Lecture 9)

Backdoors: A backdoor is a feature of a program that can be used to make it act in some way that the person who is running it did not intend. A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected.

Trapdoors: These are programs which, when stored on the target system, may allow easy access to hackers or give them sufficient information about the target to carry out attacks. A trapdoor is a secret entry point into a program that allows someone who is aware of the trapdoor to gain access without going through the usual security access procedure.


Sniffing

A network sniffer is a software or hardware device that is used to observe traffic as it passes through the network on shared broadcast media. The device can be used to view all traffic, or it can target a specific protocol, service or even string of characters.

Normally, the network device that connects a computer to a network is designed to ignore all traffic that is not destined for that computer.

Network sniffers ignore this friendly agreement and observe all traffic on the network, whether destined for that computer or others.


Spoofing

Spoofing makes data look like it has come from another source. This is possible in TCP/IP because of the friendly assumptions behind the protocols.

When a packet is sent from one system to another, it includes not only the destination IP address but also the source IP address. The sender is supposed to fill in the source with its own address, but nothing stops it from filling in another system’s address.

• URL spoofing
• E-mail spoofing
• IP address spoofing


Man in the middle attack

A man in the middle attack occurs when attackers are able to place themselves in the middle of two other hosts that are communicating in order to view or modify the traffic.

This is done by making sure that all communication going to or from the target host is routed through the attacker’s host.

Then the attacker is able to observe all traffic before transmitting it and can actually modify or block traffic.

To the target host, communication is occurring normally, since all expected replies are received.


Replay attack

• In a replay attack, an attacker captures a sequence of events or some data units and resends them.

• For example, suppose user A wants to transfer some amount to user C’s bank account. Both users A and C have accounts with bank B.

• User A might send an electronic message to bank B requesting a fund transfer.

• User C could capture this message and send a copy of it to bank B. Bank B would have no idea that this is an unauthorized message and would treat it as a second and different fund transfer request from user A.

• So C would get the benefit of the fund transfer twice: once authorized and once through a replay attack.
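One common defence against the replay described above, and against the modification attack from the integrity slide, shown as an added example that is not part of the original slides: user A authenticates each request with an HMAC over a nonce and timestamp, and bank B rejects copies, altered messages and stale requests. The shared key, class names, nonce format and 300-second window are assumptions, and the traffic is constructed.

```python
import hashlib
import hmac
import json

KEY = b"constructed key shared by user A and bank B"  # constructed for the example
WINDOW = 300  # assumption: seconds for which a request stays acceptable


def sign_transfer(key, sender, payee, amount, nonce, ts):
    """User A: serialize the request and authenticate every field with an HMAC."""
    payload = json.dumps({"from": sender, "to": payee, "amount": amount,
                          "nonce": nonce, "ts": ts}, sort_keys=True).encode()
    return {"payload": payload,
            "tag": hmac.new(key, payload, hashlib.sha256).hexdigest()}


class Bank:
    def __init__(self):
        self.balances = {"A": 1000, "C": 0}

    def _execute(self, body):
        self.balances[body["from"]] -= body["amount"]
        self.balances[body["to"]] += body["amount"]
        return "executed"


class NaiveBank(Bank):
    """Bank B as described on the slide: every well-formed request is executed."""
    def receive(self, message, now):
        return self._execute(json.loads(message["payload"]))


class HardenedBank(Bank):
    def __init__(self, key):
        super().__init__()
        self.key = key
        self.seen = {}  # (sender, nonce) -> timestamp of accepted requests

    def receive(self, message, now):
        expected = hmac.new(self.key, message["payload"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, message["tag"]):
            return "rejected: modified or forged"
        body = json.loads(message["payload"])  # parsed only after the tag verifies
        if abs(now - body["ts"]) > WINDOW:
            return "rejected: stale"
        # Nonces only need to be remembered while their request is still fresh.
        self.seen = {k: t for k, t in self.seen.items() if abs(now - t) <= WINDOW}
        if (body["from"], body["nonce"]) in self.seen:
            return "rejected: replay"
        self.seen[(body["from"], body["nonce"])] = body["ts"]
        return self._execute(body)


def run_scenario(bank):
    """Constructed traffic: one genuine request, then three copies made by user C."""
    genuine = sign_transfer(KEY, "A", "C", 100, "n-0001", ts=1000)
    body = json.loads(genuine["payload"])
    body["amount"] = 500  # C edits the amount but cannot recompute the tag
    tampered = {"payload": json.dumps(body, sort_keys=True).encode(),
                "tag": genuine["tag"]}
    outcomes = [bank.receive(genuine, now=1005),    # sent by A
                bank.receive(genuine, now=1060),    # replayed one minute later
                bank.receive(tampered, now=1070),   # modified in transit
                bank.receive(genuine, now=1700)]    # replayed after the window
    return outcomes, bank.balances
```

The timestamp check bounds how long nonces must be stored; without it the bank would have to remember every nonce forever to stay safe against late replays.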


TCP/IP Hacking (Lecture 10)

TCP/IP hacking is the process of taking control of an already existing session between a client and server.

The main benefit to an attacker of hijacking over attempting to enter a computer system or network is that the attacker doesn’t have to avoid any authentication mechanisms, since the user has already authenticated and established the session.

When the user has completed the authentication sequence, the attacker can then take over the session and carry on as if the attacker, and not the user, had authenticated with the system.

To prevent the user from noticing anything unusual, the attacker may decide to attack the user’s system and perform a denial-of-service attack on it, so that the user and system will not notice the extra traffic that is taking place.


Encryption Attack

Encryption is the process of transforming plaintext into an unreadable format known as cipher text using a specific technique or algorithm.

Most encryption techniques use some form of key in the encryption process. One key is used in a mathematical process to scramble the original message into unreadable cipher text, and another key is used to decrypt the cipher text to recreate the original plaintext.

The length of the key often directly relates to the strength of the encryption.

Cryptography is the art and science of writing secret messages. Cryptanalysis is the process of attempting to break a cryptographic system.


Malware

Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Logic bomb:

Logic bombs are also a type of malicious software that is deliberately installed, generally by an authorized user.

A code bomb is code embedded in some legitimate program that is set to explode when a certain condition occurs.

If the event is something like not finding a specific name in the personnel file, the code is referred to as a logic bomb.

If the event is a particular date or time, the program is often referred to as a time bomb. They are difficult to detect.


Questions

What is computer security? [w-8.s-10,w-12]
Explain the need of security? [s-12,w-14]
State the goals of computer security. [s-13]
List and describe basic components of computer security. [s-10,w-12]
State and describe principles of security. [s-11]
Describe the three functions of computer security. [w-08]
Describe the key principles of security. [s-9,w-10,w-11,w-13]
What are threats to security? [s-12]
What is virus? Explain different phases of virus life cycle. [w-13,s-13,w-14]
What is worm? Give significant difference between virus and worm. [s-11]
List and explain types of virus? [w-10,s-13]
Compare Intruders and Insiders. [-09,s-13,w-14]
List different types of attack. Describe any one in brief. [w-10,w-13,s-13]
Explain Active and Passive attack. [s-12]
Explain denial of service attack with example. [w-9,s-12,s-13,w-13]
With a neat diagram, explain SYN Flooding attack. [w-08,w-14]
Describe sniffing with example. [s-10,w-11,s-11,w-12,w-13]
Describe spoofing with suitable example. [s-10,w-11.s-11,w-12,w-13]
Explain man-in-middle attack. [s-12,w-14]
Explain replay attack with the help of a diagram. [s-11,w-11,w-14]
What is logic bomb? [s-13]