2. Computer Security
• Definition:
Computer security is the generic name for the collection of tools designed to
protect data and to thwart hackers.
3. Need of computer security
• To prevent data theft, such as bank account numbers, credit card
information, passwords and work-related documents
• To keep data safe and confidential
• To provide confidentiality, which ensures that only authorized individuals are
able to view data
• To provide integrity, which ensures that only authorized individuals are able
to change information
• To provide availability, which ensures that data is available for use when an
authorized user wants it
• To provide authentication, which establishes an individual's identity
• To provide non-repudiation, which gives assurance that someone
cannot deny having done something
4. Security Basics or key principles
• Confidentiality:
The principle of confidentiality specifies that only the sender and the
intended recipients should be able to access the contents of a message.
• Confidentiality is compromised if an unauthorized person is able to
access the contents of a message.
• Integrity:
The principle of integrity specifies that assets can be modified only
by authorized parties.
5. • Availability:
The principle of availability states that resources (information) should
be available to authorized parties at all times.
• Authentication:
The authentication process ensures that the origin of a message is
correctly identified.
• Non-Repudiation:
The ability of a system to confirm that a sender cannot convincingly
deny having sent a message.
6. Risk & Threat Analysis
• Risk: A risk is an incident or attack that can cause damage to the system.
• Risk analysis has the following parameters:
1. Asset:
In computer security, assets are any data, device or other component
that supports information security-related activities.
Assets can be Hardware: computer components, networks,
communication channels, mobile devices
Software: applications, OS, programs
Data: files, folders
- The goal of computer security is to protect valuable assets.
- We protect assets by applying countermeasures (controls).
7. 2. Vulnerability:
A vulnerability is a weakness in the information infrastructure of a business or
organization. It can be exploited, accidentally or intentionally, to damage the asset.
• In any system, vulnerabilities can be:
programs with known faults
weak access control settings on resources
weak firewall configuration that allows access to vulnerable services
3. Threats:
A set of circumstances (an incident) that has the potential to cause loss.
Threats can be natural threats (e.g. an earthquake) or intentional threats (e.g. a cyber attack).
8. 4. Countermeasure (control):
An action taken to offset another action.
That is, an action, device, procedure or technique that eliminates or
reduces a vulnerability.
The conclusion is that
threats are blocked by controlling vulnerabilities.
9. Threats to security
• Viruses
• Phases of Virus
• Dealing with virus
• Worms
• Trojan horse
• Intruders
• Insiders
10. Virus
• A virus is code or a program that attaches itself to other code or
programs and causes damage to the computer system or to the
network.
• It is a piece of code which is loaded onto the computer without the
individual's knowledge and runs against his/her wishes.
• It cannot replicate on its own. All computer viruses are man-made.
• A virus modifies the program and damages the system.
11. Phases of Virus
A typical virus goes through the following four phases:
1. Dormant phase: The virus is idle and is eventually activated by some
event.
2. Propagation phase: The virus places an identical copy of itself into
other programs or into certain system areas on the disk.
3. Triggering phase: The virus is activated to perform the function for
which it was intended.
4. Execution phase: The function is performed.
12. Types of Viruses
• Parasitic virus:
It attaches itself to executable code and replicates itself. When the
infected code is executed, it finds other executable code or programs
to infect.
• Memory-resident virus:
It inserts itself as a part of the operating system or an application and
can manipulate any file that is executed, copied or moved.
• Non-resident virus:
This type of virus executes itself and is terminated or destroyed after a
specific time.
13. • Boot sector virus:
This virus infects the boot record and spreads through a system when the
system is booted from a disk containing the virus.
• Overwriting virus:
It overwrites the code with its own code.
• Stealth virus:
It hides the modifications it has made to the file or boot record.
• Macro virus:
These viruses are not executables; they affect Microsoft Word-like
documents. They can spread through email.
14. • Polymorphic virus:
It produces fully operational copies of itself that vary in form, in an attempt to avoid
signature detection.
• Companion virus:
This virus creates a new program instead of modifying an existing
file.
• Email virus:
The virus gets executed when the email attachment is opened by the recipient.
The virus then sends itself to everyone on the sender's mailing list.
• Metamorphic virus:
This virus keeps rewriting itself every time it spreads. It may change its
behaviour as well as the appearance of its code.
15. Dealing with virus
• Besides preventing viruses, we can attempt to detect, identify and remove
them.
1. Detection: Find out the location of the virus.
2. Identification: Identify the specific virus that has attacked.
3. Removal: After identification, it is necessary to remove all traces
of the virus and restore the affected file to its original state with the help
of anti-virus software.
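As an added illustration of these three steps (constructed example code, not material from the slides), a small signature scanner performs detection (where a known byte pattern occurs), identification (which signature matched) and removal for the simplest case of a virus body appended to a program; the signature database, the sample files and the virus names are made up, and the last sample also shows why the polymorphic virus of slide 14 defeats an exact-byte signature.

```python
# Added example: signature-based detection, identification and removal over
# constructed in-memory "files". Signatures and samples are made up here;
# a real anti-virus database is far larger and matches on more than fixed bytes.

# Constructed signature database: virus name -> byte pattern identifying it.
SIGNATURES = {
    "Demo.Parasitic.A": b"DEMO-A\x90\x90\xeb\x05",
    "Demo.Macro.B": b"Sub AutoOpen()\r\nDemoB",
}

# Constructed samples. The parasitic case is modelled as the virus body
# appended to an otherwise clean program, with the body starting at its signature.
CLEAN_PROGRAM = b"MZ\x90\x00clean program bytes"
VIRUS_BODY_A = SIGNATURES["Demo.Parasitic.A"] + b"<constructed virus body>"
INFECTED_PROGRAM = CLEAN_PROGRAM + VIRUS_BODY_A

# Polymorphic copy: the same body rewritten (one byte inside the region the
# signature covers is changed), so an exact-byte signature no longer matches.
_rewritten = bytearray(VIRUS_BODY_A)
_rewritten[6] ^= 0xFF
POLYMORPHIC_PROGRAM = CLEAN_PROGRAM + bytes(_rewritten)


def detect(data):
    """Detection step: return [(virus_name, offset), ...] for every place
    a known signature occurs in the file; an empty list means 'clean'."""
    hits = []
    for name, pattern in SIGNATURES.items():
        start = 0
        while (idx := data.find(pattern, start)) != -1:
            hits.append((name, idx))
            start = idx + 1
    return sorted(hits, key=lambda h: h[1])


def identify(data):
    """Identification step: the name of the specific virus found, or None."""
    hits = detect(data)
    return hits[0][0] if hits else None


def remove(data, name):
    """Removal step for the appended-body case modelled here: cut the file
    where the virus body begins, which restores the original program.
    Real removal needs per-virus knowledge of how the host was modified."""
    offsets = [off for sig, off in detect(data) if sig == name]
    if not offsets:
        return data
    return data[:offsets[0]]


def scan(files):
    """Scan a {filename: bytes} mapping and report the verdict per file."""
    return {fname: identify(content) for fname, content in files.items()}


if __name__ == "__main__":
    samples = {
        "clean.exe": CLEAN_PROGRAM,
        "infected.exe": INFECTED_PROGRAM,
        "polymorphic.exe": POLYMORPHIC_PROGRAM,
    }
    for fname, verdict in scan(samples).items():
        print(f"{fname}: {verdict or 'no known signature'}")
    cleaned = remove(INFECTED_PROGRAM, "Demo.Parasitic.A")
    print("restored original:", cleaned == CLEAN_PROGRAM)
```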
16. Worms
• A worm is a special type of virus that can replicate itself and use
memory, but cannot attach itself to other programs.
• Even such a simple virus can be dangerous because it will quickly use all
available memory space and bring the system to a halt.
17. Virus and Worm
Sr. No | Virus | Worm
1 | A program or code that attaches itself to another program and runs whenever that application runs | A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs
2 | Virus modifies the code | Worm does not modify the code
3 | It does not replicate itself | It replicates itself
4 | Virus is destructive in nature | Worm is non-destructive in nature
5 | Virus modifies the functionality | Worm makes the computer or network unusable
6 | Virus infects other files | Worm does not infect the code but occupies memory space by replication
7 | Virus may need a trigger for execution | Worm does not need any trigger
18. Trojan Horse
• A Trojan horse is a hidden piece of code that allows an attacker to obtain confidential
data.
• The main purpose of a Trojan horse is to reveal confidential information to an
attacker.
• Example:
A Trojan horse can hide in the code for a login screen. When the user enters the user
id and password, the Trojan horse captures these details and sends this
information to the attacker without the knowledge of the authorized user. The attacker
can then use this information to gain access to the system.
19. Intruder
• Intruders are authorized or unauthorized users who are trying to access
the system or network.
• There are three classes of intruders:
1. Masquerader: An individual who is not authorized to use the
computer and who penetrates a system's access controls to use a legitimate user's
account. Is an outsider.
2. Misfeasor: A legitimate user who accesses data, programs or
resources for which such access is not authorized. Is an insider.
3. Secret user: An individual who holds managerial control of the system.
Can be either an insider or an outsider.
20. Insider
• Insiders have the access and the necessary knowledge to cause
damage to an organization; hence, an insider is more dangerous than an
outside intruder.
• Many security mechanisms are designed to protect the organization against
outside intruders.
• But the insider may already have all the access needed to carry out criminal
activity like fraud. They also have knowledge of the security system in
place.
• Insiders not only have physical access to the organization's facilities but
may also have access to the computer systems and network.
21. Comparison between Intruder and Insider
Sr. No | Intruder | Insider
1 | Intruders are authorized or unauthorized users who are trying to access the system or network | Insiders are authorized users who try to access the system or network
2 | Intruders are hackers or crackers | Insiders are not hackers
3 | Are less dangerous | Are more dangerous
4 | Are illegal users | Are legal users
5 | They have to study or gain knowledge about the security system | They have knowledge about the security system
6 | They do not have access to the system | They have easy access to the system because they are a
7 | Many security mechanisms are used to protect the system from intruders | There is no such mechanism to protect the system from insiders
22. Security Attack
• Definition: When someone tries to access, modify or damage the
system, it is referred to as an attack.
• There are different types of attack:
1. Passive attack:
• Passive attacks are those where the attacker monitors data
transmission.
• The goal of the attacker is to obtain information that is being
transmitted.
• The term passive indicates that the attacker does not modify
the data.
23. Passive attack
• There are two types of passive attack:
1. Release of message contents
2. Traffic analysis
24. Release of message contents
• Bob is sending an important message to Alice. This message may contain
sensitive or confidential information.
• If Darth reads the contents of the message, then the communication is harmed.
26. Active Attack
• An active attack performs some modification of the data or creation of a
false data stream.
• It is divided into:
1. Masquerade
2. Replay
3. Modification of message
4. Denial of service
28. Masquerade
• A masquerade takes place when one entity pretends to be a
different entity.
• A masquerade attack usually includes one of the other forms of active
attack.
• For example,
Darth pretends to be Bob and sends a message to Alice.
30. Replay Attack
• In a replay attack, a user captures a sequence of events or some data
units and resends them.
• Example:
Suppose Alice wants to authenticate Bob before communicating with him, and
for that Bob sends a password to Alice. This password is captured by
Darth, and in future he may transmit this password to Alice so that
Darth can easily masquerade as Bob.
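The exchange above, as an added example that is not part of the original slides: Darth's recorded credential is presented to Alice twice, once against a plain password check and once against a challenge-response check in which Alice issues a fresh nonce per login. The shared password, the nonce size and the HMAC construction are assumptions made for this illustration.

```python
# Added example: the replay of slide 30 against a plain password check, and
# the same replay against a challenge-response check that binds each login
# to a fresh nonce. Alice verifies, Bob is the genuine client and Darth is the
# eavesdropper; the shared password and the HMAC scheme are constructed here.
import hashlib
import hmac
import secrets

SHARED_PASSWORD = b"bob-secret-password"   # known to Alice and Bob (constructed)


class PlainPasswordVerifier:
    """Alice accepts whoever presents the password bytes, so anything Darth
    records on the wire can be presented again later."""

    def login(self, credential):
        return hmac.compare_digest(credential, SHARED_PASSWORD)


class ChallengeResponseVerifier:
    """Alice sends a fresh random nonce and expects HMAC(password, nonce).
    A recorded response only answers the one nonce it was computed for."""

    def __init__(self):
        self.outstanding = set()      # nonces issued but not yet used

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def login(self, nonce, response):
        if nonce not in self.outstanding:      # unknown or already consumed
            return False
        self.outstanding.discard(nonce)        # single use: no second try
        expected = hmac.new(SHARED_PASSWORD, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def bob_answers(nonce):
    """Bob's side of the challenge-response exchange."""
    return hmac.new(SHARED_PASSWORD, nonce, hashlib.sha256).digest()


def replay_against_plain_password():
    """Darth records Bob's password and presents it himself: accepted."""
    alice = PlainPasswordVerifier()
    captured = SHARED_PASSWORD          # what Bob sent, as seen on the wire
    return alice.login(captured)


def replay_against_challenge_response():
    """Darth records one nonce/response pair from Bob's genuine login, then
    replays it twice: with the same nonce, and in a new session where Alice
    issues a different nonce. Returns (bob_ok, same_nonce_ok, new_session_ok)."""
    alice = ChallengeResponseVerifier()
    nonce = alice.challenge()
    captured = bob_answers(nonce)            # Darth's recording of Bob's reply
    bob_ok = alice.login(nonce, captured)    # Bob's own login succeeds
    same_nonce_ok = alice.login(nonce, captured)
    new_session_ok = alice.login(alice.challenge(), captured)
    return bob_ok, same_nonce_ok, new_session_ok


if __name__ == "__main__":
    print("plain password, replay accepted:", replay_against_plain_password())
    print("challenge-response (bob, same nonce, new session):",
          replay_against_challenge_response())
```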
32. Modification of message
• It simply means that some portion of an authorized message is altered,
or that messages are delayed or reordered, to produce an
unauthorized effect.
34. Denial of service attack
• A DoS attack is an attempt to prevent legitimate users from
accessing services which they are eligible for.
• For instance, an unauthorized user might send too many login requests
to the server using random user ids one after the other in quick
succession, so as to flood the network and deny other authorized
users the use of the network facilities.
35. Example of DoS attack
• A typical mechanism to launch a DoS attack is with the help of SYN requests.
• This attack abuses the TCP/IP handshake used to create a connection between client and
server, which works as follows:
1. First, the client sends a SYN packet to the server in order to initiate the
connection.
2. The server then responds to that initial packet with a SYN/ACK packet, in order
to acknowledge the communication.
3. Finally, the client returns an ACK packet to acknowledge the receipt of the
packet from the server.
After completing this sequence of packet sending and receiving, the TCP
connection is open and able to send and receive data.
37. SYN flooding attack
• The attacker sends fake connection requests to the targeted
system.
• Each of these requests is answered by the targeted system, which then waits for the
response; it never comes because the requests are fake.
• The targeted system will drop these connections after a specific timeout
period. If the attacker sends requests faster than the timeout period
eliminates them, the system will quickly be filled with requests.
• After this, the system will be reserving all connections for fake requests.
Because of this, authorized users who want to communicate will
not be able to communicate with the target system.
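The filling-up described above, as an added simulation that is not part of the slides: the half-open connection table is modelled with a capacity and a timeout, fake SYNs that never complete the handshake arrive at a chosen rate beside one legitimate client, and the model reports when the legitimate client starts being refused. The capacity of 64 entries and the 10-second timeout are assumed values, not figures from the page.

```python
# Added example: a model of the half-open connection table (the "backlog")
# that a TCP listener keeps between sending SYN/ACK and receiving the final
# ACK. Constructed simulation, not code from the slides; capacity and timeout
# are assumed values chosen to make the effect visible.
from collections import deque


class HalfOpenTable:
    """Connections for which SYN/ACK was sent but no ACK has arrived yet."""

    def __init__(self, capacity, timeout):
        self.capacity = capacity      # maximum simultaneous half-open entries
        self.timeout = timeout        # seconds before the server gives up on one
        self.entries = deque()        # (arrival_time, source), oldest first

    def expire(self, now):
        """Drop entries whose timeout has elapsed."""
        while self.entries and now - self.entries[0][0] >= self.timeout:
            self.entries.popleft()

    def syn(self, now, source):
        """Incoming SYN: reserve a slot and return True, or refuse (False)."""
        self.expire(now)
        if len(self.entries) >= self.capacity:
            return False
        self.entries.append((now, source))
        return True

    def ack(self, now, source):
        """Final ACK: the handshake completes and the slot is released."""
        self.expire(now)
        for i, (_, src) in enumerate(self.entries):
            if src == source:
                del self.entries[i]
                return True
        return False

    def fill_ratio(self):
        """Share of the table in use; a high value sustained over time with
        few completed handshakes is the signal a defender watches for."""
        return len(self.entries) / self.capacity


def simulate(attack_rate, capacity=64, timeout=10, seconds=30):
    """Run a flood of `attack_rate` fake SYNs per second (they never ACK)
    beside one legitimate client that sends a SYN each second and ACKs at once.
    Returns (legit_accepted, legit_refused, peak_half_open)."""
    table = HalfOpenTable(capacity, timeout)
    accepted = refused = peak = 0
    for now in range(seconds):
        for k in range(attack_rate):
            table.syn(now, f"fake-{now}-{k}")     # spoofed sources, no ACK follows
        if table.syn(now, "client"):
            table.ack(now, "client")
            accepted += 1
        else:
            refused += 1
        peak = max(peak, len(table.entries))
    return accepted, refused, peak


def will_fill(attack_rate, capacity, timeout):
    """The slide's condition: the table fills once fake SYNs arrive faster
    than the timeout removes them, i.e. rate * timeout exceeds capacity."""
    return attack_rate * timeout > capacity


if __name__ == "__main__":
    for rate in (5, 10):
        print(f"{rate} fake SYN/s -> accepted, refused, peak:", simulate(rate),
              "fills:", will_fill(rate, 64, 10))
```

With 5 fake SYNs per second the table settles at 50 entries and every legitimate SYN is accepted; at 10 per second it fills after six seconds and the client is refused for the rest of the run.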
38. Types of attacks
• DDOS attack
• Backdoors
• Sniffing
• Spoofing
• TCP/IP hijacking
• Man in the middle
• Replay attacks
39. Distributed Denial of Service Attacks (DDoS)
• In a Distributed Denial of Service (DDoS) attack, an attacker recruits a
number of hosts throughout the internet to attack a target simultaneously or in a
coordinated fashion.
• The first step in a DDoS attack is for the attacker to infect a number of
machines with zombie software that will ultimately be used to carry out the attack.
• The software must be able to run on a large number of machines.
• For this, the attacker must become aware of a vulnerability that many systems have and that
enables the attacker to install the zombie software; locating vulnerable
machines is called scanning.
• In the scanning process, the attacker first seeks out a number of vulnerable
machines and infects them.
40. Distributed Denial of Service Attacks (DDoS)
• The zombie software is then installed and repeats the same scanning process, until a
large distributed network of infected machines is created.
• After a large distributed network has been infected, the target system goes down and does
not respond to service requests.
• Examples:
1. Distributed SYN flood attack
2. Distributed ICMP attack
43. Backdoor or Trapdoor
• A secret entry point into a program.
• Allows those who know of it to gain access, bypassing the usual security procedures.
• They have commonly been used by developers.
• A threat when left in production programs, allowing exploitation by
attackers.
• Very hard to block at the O/S level.
• Requires good software development and update practices.
44. Sniffing Attack
• A sniffing attack means capturing data packets as they flow
through a computer network.
• A packet sniffer is the device or program used to carry out a sniffing attack.
• Also called network protocol analysers, they can be used by a network or
system administrator to monitor and troubleshoot network traffic.
45. Packet Sniffing
• A packet sniffer is a program that can see all the information passing
over the network it is connected to.
• When a packet sniffer is set up on a computer, the sniffer's network interface
looks at everything that comes through.
• A packet sniffer can usually be set up in one of two ways:
1. Unfiltered – captures all the packets
2. Filtered – captures only those packets containing specific data
elements
• The packets that contain the targeted data are copied as they pass
through. The program stores the copies in memory, depending on the
program's configuration.
46. Packet Sniffing
• These copies can then be analysed carefully for specific information
or patterns.
• When users connect to the internet, they join a network maintained
by their ISP.
• A packet sniffer located at one of the servers of the user's ISP would be
able to monitor all of the user's online activities, such as:
1. Which web sites the user visits
2. What the user looks at on each site
3. To whom the user sends email, etc.
47. Spoofing
• A spoofing attack is a situation in which one person or program
successfully masquerades as another by falsifying data.
• The attacker must monitor the packets sent from sender to receiver and
then guess the sequence numbers of the packets.
• When a packet is sent from one system to another, it includes not only the
IP address and port of the destination but the source IP address as well.
• Examples:
1. Email spoofing
2. Caller ID spoofing
3. IP address spoofing
48. Email spoofing
• Email spoofing refers to email that appears to have originated
from one source but was actually sent from another source.
• Examples:
Spam email, junk mail
• A simple method of spoofing an email address is to telnet to port 25,
the port associated with email, on a system where one can fill in the From and
To sections of the message.
50. Caller ID Spoofing
• Caller identification (Caller ID) is a service that allows the receiver of a
phone call to determine the identity of the caller.
• Caller ID is sent at the start of the phone call and
identifies the incoming caller before the receiver answers the phone.
• Caller ID is not tied to the actual phone number but is part of
the initial call setup, which allows the caller to manipulate the Caller
ID to display a different number from the number that is calling.
51. Caller ID Spoofing
• If you have ever received a call where the caller said that you called
them when you had not, then your number was most likely spoofed
by another person.
• Many phone scams use Caller ID spoofing to hide the caller's
identity, because Caller ID spoofing makes it impossible to block the
number.
• Caller ID spoofing is done through services and gateways that
interconnect VoIP (Voice over IP) with other public phone networks.
52. IP address spoofing
• IP address spoofing is the process of replacing the source IP address in an IP packet with a fake
IP address to hide the real identity of the sender.
• The technical mechanism of an IP spoofing attack is as follows:
1. The attacker creates an IP packet with a SYN request to be sent to the server.
2. As usual, the server responds with a SYN/ACK response.
3. The attacker has to get hold of the SYN/ACK response by disconnecting the user
using a DoS attack and resuming communication with the fake IP address of the disconnected
user.
4. Once this is done, the attacker can try various commands on the server computer.
53. Man-in-the-middle attack
• A man-in-the-middle (MITM) attack occurs when attackers are able to place
themselves in the middle of two other hosts that are communicating, in order to
view or modify the traffic.
• This is done by making sure that all communication going to or from the target
host is routed through the attacker's host.
• The attacker is then able to observe all traffic before transmitting it, and can actually
modify or block traffic.
55. Replay attack
• A replay attack occurs when an unauthorized user captures network traffic
and then sends the communication to its original destination, acting
as the original sender.
57. TCP/IP hijacking attack
• TCP/IP hijacking is the process of taking control of an already existing session
between a client and a server.
• In TCP/IP hijacking:
• The attacker monitors the network transmission and analyses the source and destination
IP addresses of the two computers.
• Once the attacker discovers the IP address of one of the users, the attacker can
logically disconnect the client by using a DoS attack and then resume
communication by spoofing the IP address of the disconnected user; the attacker is then able to
communicate with the host machine as if the attacker were the victim.
• The host machine will not know that it is talking with an unauthorized user and
will respond.
60. Operating System Security
• Operating systems are large and complex mixtures of interconnected software
modules.
• As an operating system continually grows and introduces new functions,
the potential for problems with that code also increases.
• It is almost impossible for an operating system vendor to test their product on
every possible platform under every possible situation, so functionality and
security issues surface after the operating system is released.
• For the standard user or system administrator, the result is a constant stream of updates designed
to correct problems, replace sections of code or even add new features to an
installed operating system.
61. Hot fix
• Vendors typically follow the hierarchy of software updates given below:
1. Hot fix:
• A hotfix is a single, cumulative package that includes one or more files that are
used to address a problem in a software product (i.e. a software bug).
• Typically, hotfixes are made to address a specific customer situation and may not
be distributed outside the customer organization.
• In a Microsoft Windows context, hotfixes are small patches designed to address
specific issues, most commonly freshly discovered security holes.
• These are small files, often automatically installed on the computer with
Windows Update (although some may only be obtainable via Microsoft
Support), and could contain a hot patch, eliminating the need for a reboot.
• In short: an update to fix a very specific issue, not always publicly released.
62. 2. Patch
• A patch is a program that makes changes to software installed on a
computer.
• Software companies issue patches to fix bugs in their programs,
address security problems, or add functionality.
• Currently Microsoft releases its security patches once a month,
and other operating systems and software projects have security
teams dedicated to releasing the most reliable software patches.
• In short: a publicly released update to fix a known bug/issue.
63. 3. Service pack
• A service pack (in short, SP) is a collection of updates, fixes and/or enhancements
to a software program delivered in the form of a single installable package.
• Many companies, such as Microsoft or Autodesk, typically release a service pack
when the number of individual patches to a given program reaches a certain
(arbitrary) limit.
• Installing a service pack is easier and less error-prone than installing a high
number of patches individually, even more so when updating multiple computers
over a network.
• Service packs are usually numbered, and thus referred to in short as SP1, SP2, SP3,
etc.
• In short: a large update that fixes many outstanding issues; it normally includes all patches,
hotfixes and maintenance releases that predate the service pack.
64. Information Security
• Information security is not only about securing information from unauthorized
access.
• Information security is the practice of preventing unauthorized access,
use, disclosure, disruption, modification, inspection, recording or destruction of
information.
• Information can be physical or electronic.
• Information can be anything: your details (say, your profile on social
media), the data in your mobile phone, your biometrics, etc.
65. Need of Information security
• Protecting the functionality of the organization
• Enabling the safe operation of applications
• Protecting the data that the organization collects and uses
• Safeguarding technology assets in organizations
66. Information classification
• Information classification defines what kind of information is stored on a
system.
• The levels of information classification used in government or the military are as follows:
1. Unclassified: Access to the information is public and will not affect confidentiality.
2. Sensitive but unclassified: The information is sensitive, but if it gets disclosed it
will not cause serious damage to the organization.
3. Confidential: The information must be kept confidential.
4. Secret: Applied to information whose unauthorized disclosure
could cause serious damage to national security.
5. Top secret: Applied to information whose unauthorized disclosure
could cause serious damage to national security. It is the
highest level of classification.
67. • The levels of information classification used in organizations are as
follows:
1. Public: Information which does not fit into any other level can have public access,
because disclosure of such information
will not create a serious impact on the organization.
2. Sensitive: This type of information needs a higher level of classification than
normal information. It requires confidentiality as well as
integrity.
3. Private: This type of information is personal in nature and used by the company
only. Disclosure of such information can affect the company and its employees;
example: salary information, etc.
68. Criteria for Information classification
• The following criteria are used to decide the classification of
information:
1. Value: When information is more valuable, that
information should be classified.
2. Age: The classification of information might be lowered if the
information's value decreases over time.
3. Useful life: If the information has been made out of
date by new information or for any other reason, then that information can
regularly be declassified.
4. Personal association: Information which is personally associated with
particular individuals, or is addressed by a privacy law, should be classified.
69. Basic Principles of Information Security
• The basic principles of information security, also called CIA,
are as follows:
1. Confidentiality
2. Integrity
3. Authentication