3. Computer Security
Computer security is about
provisions and policies adopted to
protect information and property
from theft, corruption, or natural
disaster while allowing the
information and property to remain
accessible and productive to its
intended users.
4. Computer Security
Network security on the other hand deals with
provisions and policies adopted to prevent and
monitor unauthorized access, misuse, modification, or
denial of the computer network and network-
accessible resources.
Internet
Not Sufficient!!
6. 1) Spoofing Attack
2) Brute Force Attack
3) Malware Attack
4) Virus/Worm Attack
5) SMURF Attack
6) SYN Attack
7) Trojan Horse
8) Logic Bomb
9) Ping of Death
10) Packet Sniffing
11) Eavesdropping
12) Cracking
13) Session Hijacking
14) War Dialing
15) DoS/DDoS
16) Blackout/Brownout
17) Surge/Spike
18) Traffic Analysis
19) Wire Tapping
Assignment 1 (15%):
• Pick two topics.
• Read about these security
attack related keywords and
write a three page/topic
(maximum) summary of your
findings including any
recorded history of
significant damages created
by these attacks.
• Send your report by email in
pdf format (Use your name as
the file name Ex. Kedir Ali).
• Bonus: While reading, if you
find keywords other than
these, send them on the
second page of your report.
Computer Security
7. Computer Security/ Overview
Security: The prevention and protection of computer
assets from unauthorized access, use, alteration,
degradation, destruction, and other threats.
Privacy: The right of the individual to be protected
against intrusion into his personal life or affairs, or those
of his family, by direct physical means or by publication
of information.
Security/Privacy Threat: Any person, act, or object
that poses a danger to computer security/privacy.
Definitions
8. Computer Security / History
Until the 1960s computer security was limited to
physical protection of computers
In the 60s and 70s
Evolutions
Computers became interactive
Multiuser/Multiprogramming was invented
More and more data started to be stored in computer
databases
Organizations and individuals started to worry about
What the other persons using computers are doing to their
data
What is happening to their private data stored in large
databases
9. Computer Security / History
In the 80s and 90s
Evolutions
Personal computers were popularized
LANs and Internet invaded the world
Applications such as E-commerce, E-government and
E-health started to develop
Viruses became major threats
Organizations and individuals started to worry about
Who has access to their computers and data
Whether they can trust a mail, a website, etc.
Whether their privacy is protected in the connected world
10. Computer Security / History
Famous security problems
Morris worm – Internet Worm
November 2, 1988 a worm attacked more than 60,000 computers
around the USA
The worm attacks computers, and when it has installed itself, it
multiplies itself, freezing the computer
It exploited UNIX security holes in Sendmail and Finger
A nationwide effort solved the problem within 12 hours
Robert Morris became the first person to be indicted
under the Computer Fraud and Abuse Act.
He was sentenced to three years of probation, 400 hours of
community service and a fine of $10,050
He is currently an associate professor at the
Massachusetts Institute of Technology (MIT)
11. Computer Security / History
Famous security problems …
NASA shutdown
In 1990, an Australian computer science student was
charged with shutting down NASA’s computer system
for 24 hours
Airline computers
In 1998, a major travel agency discovered that
someone had penetrated its ticketing system and
printed airline tickets illegally
Bank theft
In 1984, a bank manager was able to steal $25 million
through un-audited computer transactions
12. Computer Security / History
Famous security problems …
In Ethiopia
Employees of a company managed to change their salaries by
fraudulently modifying the company’s database
In the 1990s: Internet password theft
Hundreds of dial-up passwords were stolen and sold to other users
Many of the owners lost tens of thousands of Birr each
A major company suspended the use of a remote login software by
technicians who were looking at the computer of the General
Manager
In Africa: Cote d’Ivoire
An employee who had been fired by his company deleted all the
data in his company’s computer
13. Computer Security / History
Early Efforts
1960s: Marked as the beginning of true
computer security
1970s: Tiger teams
Government and industry sponsored crackers who attempted
to break down defenses of computer systems in order to
uncover vulnerabilities so that patches can be developed
1970s: Research and modeling
Identifying security requirements
Formulating security policy models
Defining recommended guidelines and controls
Development of secure systems
14. Computer Security / Legal Issues
In the US, legislation was enacted with regards to
computer security and privacy starting from late
1960s.
European Council adopted a convention on Cyber-
crime in 2001.
The World Summit for Information Society
considered computer security and privacy as a
subject of discussion in 2003 and 2005.
The Ethiopian Penal Code of 2005 has articles on
data and computer related crimes.
15. Computer Security /Attacks
Interruption: An attack on availability
Interception: An attack on confidentiality
Modification: An attack on integrity
Fabrication: An attack on authenticity
Categories of Attacks
16. Computer Security /Attacks
Categories of Attacks/Threats (W. Stallings)
[Figure: normal flow of information from Source to Destination, with one panel per attack: Interruption, Interception, Modification, Fabrication]
17. Computer Security /Vulnerabilities
Physical vulnerabilities (Ex. Buildings)
Natural vulnerabilities (Ex. Earthquake)
Hardware and Software vulnerabilities (Ex. Failures)
Media vulnerabilities (Ex. Disks can be stolen)
Communication vulnerabilities (Ex. Wires can be tapped)
Human vulnerabilities (Ex. Insiders)
Types of Vulnerabilities
19. Computer Security / The Human Factor
The human factor is an important component of
computer security
Some organizations view technical solutions as
“their solutions” for computer security. However:
Technology is fallible (imperfect)
Ex. UNIX holes that opened the door for Morris worm
The technology may not be appropriate
Ex. It is difficult to define all the security requirements and find a
solution that satisfies those requirements
Technical solutions are usually (very) expensive
Ex. Antivirus purchased by ETC to protect its Internet services
Given all these, someone, a human, has to implement the solution
20. Computer Security / The Human Factor
Competence of the security staff
Ex. Crackers may know more than the security team
Understanding and support of management
Ex. Management does not want to spend money on
security
Staff’s discipline to follow procedures
Ex. Staff members choose simple passwords
Staff members may not be trustworthy
Ex. Bank theft
21. Computer Security / Physical Security
Physical security protects your physical computer
facility (your building, your computer room, your
computer, your disks and other media) [Chuck
Easttom].
Physical security is the use of physical controls to
protect premises, site, facility, building or other
physical asset of an organization [Lawrence Fennelly]
22. Computer Security / Physical Security
In the early days of computing physical security
was simple because computers were big,
standalone, expensive machines
It is almost impossible to move them (not
portable)
They were very few and it is affordable to
spend on physical security for them
Management was willing to spend money
Everybody understands and accepts that there
is restriction
23. Computer Security / Physical Security
Today
Computers are more and more portable (PC, laptop,
PDA, Smartphone)
There are too many of them to have good physical
security for each of them
They are not “too expensive” to justify spending more
money on physical security until a major crisis occurs
Users don’t accept restrictions easily
Accessories (ex. Network components) are not
considered as important for security until there is a
problem
Access to a single computer may endanger many more
computers connected through a network
24. Computer Security / Physical Security
=>
Physical security is much more
difficult to achieve today than some
decades ago
Why?
25. Computer Security / Physical Security
Natural Disasters
Fire and smoke
Fire can occur anywhere
Solution – Minimize risk
Good policies: NO SMOKING, etc..
Fire extinguisher, good procedure and training
Fireproof cases (and other techniques) for backup tapes
Fireproof doors
Climate
Heat
Direct sun
Humidity
Threats and vulnerabilities
26. Computer Security / Physical Security
Natural Disasters …
Hurricane, storm, cyclone
Earthquakes
Water
Flooding can occur even when a water tap is not properly closed
Electric supply
Voltage fluctuation
Solution: Voltage regulator
Lightning
Threats and vulnerabilities …
Solution
Avoid having servers in areas often hit by Natural Disasters!
27. Computer Security / Physical Security
People
Intruders
Thieves
People who have been given access unintentionally by the
insiders
Employees, contractors, etc. who have access to the facilities
External thieves
Portable computing devices can be stolen outside the
organization’s premises
Loss of a computing device
Mainly laptop
Threats and vulnerabilities …
28. Computer Security / Physical Security
Safe area
Safe area often is a locked place where
only authorized personnel can have
access
Organizations usually have safe area for
keeping computers and related devices
29. Computer Security / Physical Security
Is the area inaccessible through other openings
(window, roof-ceilings, ventilation hole, etc.)?
Design of the building with security in mind
Know the architecture of your building
Safe area … Challenges
During opening hours, is it always possible to
detect when unauthorized person tries to get to the
safe area?
Surveillance/guards, video-surveillance, automatic-
doors with security code locks, alarms, etc.
Put signs so that everybody sees the safe area
30. Computer Security / Physical Security
Are the locks reliable?
The effectiveness of locks depends on the design, manufacture,
installation and maintenance of the keys!
Among the attacks on locks are:
Illicit keys
Duplicate keys
Avoid access to the key by unauthorized persons even for a few seconds
Change locks/keys frequently
Key management procedure
Lost keys
Notify responsible person when a key is lost
There should be no label on keys
Circumventing of the internal barriers of the lock
Directly operating the bolt completely bypassing the locking mechanism which remains locked
Forceful attacks:
Punching, Drilling, Hammering, etc.
Safe area…Locks
31. Computer Security / Physical Security
Surveillance with guards
The most common in Ethiopia
Not always the most reliable since it adds a
lot of human factor
Not always practical for users (employees
don’t like to be questioned by guards
wherever they go)
Safe area… Surveillance
32. Computer Security / Physical Security
Safe area… Surveillance
Surveillance with video
Uses Closed Circuit Television (CCTV)
Started in the 1960s
Became more and more popular with the worldwide increase of
theft and terrorism
Advantages
A single person can monitor more than one location
The intruder doesn’t see the security personnel
It is cheaper after the initial investment
It can be recorded and be used for investigation
Since it can be recorded the security personnel is more careful
Today’s digital video-surveillance can use advanced techniques such
as face recognition to detect terrorists, wanted people, etc.
Drawback
Privacy concerns
33. Computer Security / Physical Security
Choose employees carefully
Personal integrity should be as important a
factor in the hiring process as technical skills
Create an atmosphere in which the levels of
employee loyalty, morale, and job satisfaction
are high
Remind employees, on a regular basis, of
their continuous responsibilities to protect
the organization’s information
Internal Human factor - Personnel
34. Computer Security / Physical Security
Establish procedures for proper destruction and
disposal of obsolete programs, reports, and data
Act defensively when an employee must be
discharged, either for cause or as part of a cost
reduction program
Such an employee should not be allowed access to
the system and should be carefully watched until
he or she leaves the premises
Any passwords used by the former employee
should be immediately disabled
Internal Human factor – Personnel …
36. Computer Security / Attacks & Threats
A computer security threat is any person,
act, or object that poses a danger to
computer security
The computer world is full of threats!
… refer to the first assignment…
And so is the real world!
Thieves, pick-pockets, burglars,
murderers, drunk drivers, …
37. Computer Security / Attacks & Threats
What is the right attitude?
To do what you do in real life
What do you do in real life?
You learn about the threats
What are the threats
How can these threats affect you
What is the risk for you to be attacked by these threats
How you can protect yourself from these risks
How much does the protection cost
What you can do to limit the damage in case you are attacked
How you can recover in case you are attacked
Then, you protect yourself in order to limit the risk but to
continue to live your life
You need to do exactly the same thing with computers!
38. Computer Security / Attacks & Threats
Types of Threats/Attacks … (Chuck Easttom)
Hacking Attack:
Any attempt to gain unauthorized access to
your system
Denial of Service (DoS) Attack
Blocking access from legitimate users
Physical Attack:
Stealing, breaking or damaging of computing
devices
39. Computer Security / Attacks & Threats
Malware Attack:
A generic term for software that has malicious
purpose
Examples
Viruses
Trojan horses
Spyware
New ones: Spam/scam, identity theft, e-payment
frauds, etc.
Types of Threats/Attacks (Chuck Easttom)
40. Computer Security /Threats
Viruses
“A small program that replicates and hides itself inside
other programs usually without your knowledge.”
Symantec
Similar to biological virus: Replicates and Spreads
Malware Attack:
Worms
An independent program that reproduces by copying
itself from one computer to another
It can do as much harm as a virus
It often creates denial of service
41. Computer Security /Threats
Trojan horses
(Ancient Greek tale of the city of Troy and the wooden
horse) - ??
Secretly downloading a virus or some other type of
malware onto your computers.
Spyware
“A software that literally spies on what you do on your
computer.”
Example: Simple Cookies and Key Loggers
Malware Attack…
42. Computer Security /Threats
Infection mechanisms
First, the virus should search for and detect
objects to infect
Installation into the infectable object
Writing on the boot sector
Add some code to executable programs
Add some code to initialization/auto-executable
programs
Write a macro in a word file
…
Most software based attacks are commonly
called Viruses: How do viruses work?
43. Computer Security /Threats
Trigger mechanism
Date
Number of infections
First use
How do viruses work? …
Effects: It can be anything
A message
Deleting files
Formatting disk
Overloading processor/memory
Etc.
44. Computer Security /Threats
Adolescents
Ethically normal and of average/above
average intelligence.
Tended to understand the difference
between what is right and wrong
Typically do not accept any responsibility
for problems caused
Who Writes Virus
45. Computer Security /Threats
The College Student
Ethically normal
Despite expressing that what is illegal is
“wrong”
Are not typically concerned about the results of
their actions related to their virus writing
Who Writes Virus …
The Adult (smallest category)
Ethically abnormal
46. Computer Security /Threats
Three categories
Scanners
Activity monitors
Change detection software
Anti-Virus
There are
Generic solutions
Ex. Integrity checking
Virus specific solution
Ex. Looking for known viruses
47. Computer Security /Threats
Functions of anti-viruses
Identification of known viruses
Detection of suspected viruses
Blocking of possible viruses
Disinfection of infected objects
Deletion and overwriting of infected
objects
Anti-Virus …
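Added example, not part of the original slides: a small Python sketch of the two approaches named above, change detection by integrity checking (generic) and a scan for known signatures (virus specific). The signature, file names and the demo directory are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed byte pattern standing in for a known-virus signature (not a real one).
SIGNATURES = {"Demo.Sample.A": b"DEMO-SIGNATURE-0001"}


def files(root):
    """Yield (relative name, bytes) for every regular file under root."""
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            yield path.relative_to(root).as_posix(), path.read_bytes()


def snapshot(root):
    """Generic solution: record a SHA-256 digest per file as the trusted baseline."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files(root)}


def compare(baseline, current):
    """Change detection: what was modified, added or removed since the baseline."""
    return {
        "modified": sorted(n for n in baseline if n in current and baseline[n] != current[n]),
        "added": sorted(n for n in current if n not in baseline),
        "removed": sorted(n for n in baseline if n not in current),
    }


def scan(root, signatures=SIGNATURES):
    """Virus-specific solution: search each file for known byte patterns."""
    return [(name, label) for name, data in files(root)
            for label, pattern in signatures.items() if pattern in data]


def demo():
    """Build a constructed directory, tamper with it, and run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.bin").write_bytes(b"original program")
        (root / "notes.txt").write_bytes(b"hello")
        baseline = snapshot(root)
        # Constructed changes: bytes appended to a program, a new file, a deletion.
        (root / "app.bin").write_bytes(b"original program" + b" appended code")
        (root / "new.bin").write_bytes(b"header " + SIGNATURES["Demo.Sample.A"])
        (root / "notes.txt").unlink()
        return compare(baseline, snapshot(root)), scan(root)


if __name__ == "__main__":
    changes, hits = demo()
    print(changes)
    print(hits)
```

The bytes appended to app.bin match no signature, so only the change-detection pass reports that file; the scanner reports only new.bin.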
48. Computer Security /Threats
Hacking: any attempt to intrude or gain
unauthorized access to your system, either via
some operating system flaw or other means. The
purpose may or may not be malicious.
Hackers/Intrusion Attack:
Cracking: hacking conducted for malicious purposes.
49. Computer Security /Threats
DoS Attack: blocking access of legitimate
users to a service.
Denial of Service (DoS) Attack:
Distributed DoS Attack: accomplished by
tricking routers into attacking a target or using
zombie hosts to simultaneously attack a given
target with a large number of packets.
50. Computer Security /Threats
Simple illustration of DoS attack (from Easttom)
C:\>Ping <address of X> -l 65000 -w 0 -t
[Figure: repeated Ping packets sent to Web Server X; Legitimate User]
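Added example, not part of the original slides or of Easttom's text: detection logic for the kind of ping flood illustrated above, run over constructed log lines. The log format, the addresses (documentation ranges) and the thresholds are assumptions made for this sketch.

```python
from collections import defaultdict, deque

# Assumed thresholds for this sketch; tune them to the network being monitored.
MAX_PAYLOAD = 1472      # bytes: largest echo payload that fits one 1500-byte Ethernet frame
MAX_PER_WINDOW = 20     # echo requests allowed per source inside WINDOW seconds
WINDOW = 1.0


def parse(line):
    """Parse a constructed record: '<epoch> <src> > <dst> icmp-echo len=<n>'."""
    ts, src, _arrow, dst, kind, length = line.split()
    return float(ts), src, dst, kind, int(length.split("=")[1])


def detect_ping_flood(lines):
    """Return {source: set of reasons} for sources that look like a ping flood."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    alerts = defaultdict(set)
    for line in lines:
        ts, src, _dst, kind, length = parse(line)
        if kind != "icmp-echo":
            continue
        if length > MAX_PAYLOAD:
            alerts[src].add("oversized-payload")
        window = recent[src]
        window.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while window and ts - window[0] > WINDOW:
            window.popleft()
        if len(window) > MAX_PER_WINDOW:
            alerts[src].add("high-rate")
    return dict(alerts)


def sample_log():
    """Constructed traffic: one noisy source, one user pinging once a second."""
    noisy = [f"{100 + i * 0.01:.2f} 192.0.2.10 > 198.51.100.5 icmp-echo len=65000"
             for i in range(50)]
    normal = [f"{100 + i:.2f} 192.0.2.20 > 198.51.100.5 icmp-echo len=32"
              for i in range(5)]
    return sorted(noisy + normal, key=lambda rec: float(rec.split()[0]))


if __name__ == "__main__":
    print(detect_ping_flood(sample_log()))
```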
51. Encryption
Encryption: The conversion of data into
ciphertext that cannot be easily understood by
unauthorized people.
Decryption: The process of converting
encrypted data back into its original form so
that it can be understood.
Text: Human, readable sequences of characters
Plaintext: What you have before encryption
Ciphertext: Encrypted text
Cipher: Usually refers to the method of encryption