Introduction to Computer
Security and Security Trends
22 Marks
Chapter 1
2
Need for security
Information is a strategic resource
A significant portion of organizational budget
is spent on managing information
There are several security-related objectives:
• Confidentiality (secrecy) - protect the value of information
• Integrity - protect the accuracy of information
• Availability - ensure information is delivered
3
What is Security?
Security is the protection of assets. The three
main aspects are:
• Prevention
• Detection
• Reaction
4
Some differences between traditional
security and information security
• Information can be stolen - but you still have it
• Confidential information may be copied and
sold - but the theft might not be detected
• The criminals may be on the other side of the
world
5
Computer Security
Security is the protection of assets. The three
main aspects are:
• Prevention
• Detection
• Reaction
6
What is Security?
“Deals with the prevention and detection of
unauthorised actions by users of a computer
system.”
“The protection afforded to an automated
information system in order to attain the
applicable objectives of preserving the integrity,
availability, and confidentiality of information
system resources (includes hardware, software,
firmware, information/data, and
telecommunications).”
7
Security basics
• Data Confidentiality – protection of data from unauthorized disclosure (secrecy)
• Data Integrity – assurance that data received is as sent by an authorized entity (trustworthiness)
• Availability – resource accessible/usable
• Authentication – assurance that the communicating entity is the one claimed
– covers both peer-entity and data-origin authentication
• Access Control – prevention of the unauthorized use of a resource
8
Confidentiality
• Preserving authorized restrictions on information access and disclosure
• Protecting personal privacy and proprietary information
• Loss of confidentiality is the unauthorized disclosure of information.
9
Integrity
• Guarding against improper information modification or destruction
• Loss of integrity is the unauthorized modification or destruction of information.
[Figure: an attacker modifies data in transit between A and B]
10
Availability
• Ensuring timely and reliable access to and use of information
• Loss of availability is the disruption of access to or use of information
• Assures that systems work promptly and service is not denied to authorized users
11
Authentication
• Authentication is the process of verifying that a communicating entity is the one it claims to be.
• Authenticity is the property of being genuine, valid or trusted.
• Authentication helps to establish proof of identities.
• Authentication gives confidence in the validity of a transmission, a message, or its originator.
• The task of an authentication mechanism is to make sure that only valid users are admitted.
12
Authentication Methods
Something you know
Authentication based on what the user remembers, e.g. username and password
Something you have
Authentication based on something the user needs to carry, e.g. an access card
Something you are
Authentication based on a human's unique physical characteristics (biometrics)
13
Access Control
• Access is the ability of a subject to interact with an object.
• Access control is the ability to specify, control and limit access to the host system or application, which prevents unauthorized use to access or modify data or resources.
• Prevention of the unauthorized use of a resource.
14
Non-Repudiation
• Non-repudiation prevents either the sender or the receiver from denying a transmitted message.
• Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the message.
• Similarly, when a message is received, the sender can prove that the alleged receiver in fact received the message.
15
Authorization
• Authorization is the process of verifying that a known person has the authority to perform a certain operation.
• Authorization cannot occur without authentication.
16
Example of Security Impact: Low
• Loss would have a limited effect on the organization's operations, assets or individuals
• Causes degradation in mission capability
• Reduces effectiveness of a function
• Minor damage to assets
• Minor functional loss
• Minor harm to individuals
17
Example of Security Impact: Moderate
• Loss would have a serious effect on the organization's operations, assets or individuals
• Causes significant degradation in mission capability
• Significantly reduces effectiveness of a function
• Significant damage to assets
• Significant functional loss
• Significant harm to individuals
18
Example of Security Impact: High
• Loss would have a severe effect on the organization's operations, assets or individuals
• Causes severe degradation in mission capability
• Organization is not able to perform one or more primary functions
• Major damage to assets
• Major functional loss
• Major harm to individuals
19
Challenges for Security
• Not simple: the major requirements are confidentiality, integrity and availability (CIA)
• While designing a security mechanism, consider the potential attacks against it
• Security mechanisms are complex
• It is necessary to decide where to use them (physical / logical)
• Involves more than one protocol/algorithm, plus the problem of protecting secret information (encryption keys)
20
Challenges for Security
• A war between attackers and admins/designers
• Problem of human tendency: security investment is postponed until a failure occurs
• Need regular, constant monitoring
• It is essential to add security at design time rather than after the design is done
• Security is often an afterthought (it should be considered at design time)
• Tendency to regard strong security as an obstacle
21
Model for Security
Security means protecting assets, and assets are
• Hardware
• Software
• Data
• Communication facilities and networks
The following are possible vulnerabilities:
• Data can be corrupted.
• Data can be leaked.
• Data can be unavailable.
22
Risk and Threat Analysis
Risk
• Risk is some incident or attack that can cause damage to a system.
• An attack is carried out as a sequence of actions, such as exploiting weak points.
23
Risk and Threat Analysis
• Risk analysis is the review of the gathered data and the analysis of risk
• The risk assessment team determines asset values, system criticality, likely threats, and the existence of vulnerabilities.
• Risk calculation:
Risk = Assets × Threats × Vulnerabilities
24
Risk and Threat Analysis
Assets
• Those items that an organization wishes to protect.
• An asset can be any data, device or other component that supports information-related security.
• Assets can be hardware, software, or confidential information.
• Valuing assets scopes and guides the security risk assessment
25
Risk and Threat Analysis
Threats
• An undesired event that may result in loss, disclosure or damage to an organization's asset.
• A threat is a potential for violation of security
• When a threat exists there is a circumstance, capability, action or event that could breach security
• Threats can be identified by the damage done to an asset:
– Spoofing the identity of users
– Information may be disclosed
– Users gain more privileges
26
Risk and Threat Analysis
Vulnerability
• A vulnerability is a weakness in the information infrastructure of an organization.
• It may be exploited, accidentally or intentionally, to damage an asset
• Vulnerabilities can be
– Programs with unnecessary privilege
– Accounts whose default password has not been changed
– Programs with known faults
– Weak access control
– Weak firewall
27
Threats to Security
• Viruses
• Worms
• Intruders
• Insiders
• Criminal organizations
• Terrorists
• Information warfare
28
Viruses
• Piece of software that infects programs
– Modifying them to include a copy of the virus
– So it executes secretly when host program is run
• Specific to operating system and hardware
– Taking advantage of their details and weaknesses
• A typical virus goes through phases of:
– Dormant
– Propagation
– Triggering
– Execution
29
Virus
• A virus attaches itself to a program and propagates copies of itself to other programs.
• The essential component of a virus is a set of instructions which, when executed, spreads itself to other, previously uninfected, programs or files.
• It performs two functions:
I. It copies itself into previously uninfected programs or files.
II. It executes whatever other instructions the virus author included in it.
30
Virus
• It may cause damage by replicating itself and taking up system resources: disk space, CPU time, or network connections.
• A virus is a program that can pass on malicious code to other non-malicious programs by modifying them.
• The term ‘virus’ was coined because it acts like a biological virus
• A virus can be either transient or resident.
– A transient virus has a life that depends on the life of its host;
– the virus runs when its attached program executes and terminates when its attached program ends.
– A resident virus locates itself in memory, where it can remain active or be activated as a stand-alone program, even after its attached program ends.
31
Virus Classification
• Boot sector
• File infector
• Macro virus
• Stealth virus
• Polymorphic virus
• Metamorphic virus
32
Types of Viruses
Can be classified on the basis of how they attack
• Parasitic virus
– Attaches itself to executable files and replicates
• Memory-resident virus
– Lodges in main memory and infects every program that executes.
• Boot sector virus
– Infects a boot record and spreads when the system is booted from the disk
33
Virus types
• Stealth Virus
– A stealth virus is one which hides the modifications it has made to a file or boot record
– by monitoring the system functions used by programs to read files or physical blocks from storage media
– so it goes undetected by anti-virus programs
• Polymorphic Virus
– A polymorphic virus is one which produces varied but fully operational copies of itself, in an attempt to avoid signature detection.
34
Macro Virus
• Became very common in mid-1990s since
– Platform independent
– Infect documents
– Easily spread
• Exploit macro capability of office apps
– Executable program embedded in office doc
– Often a form of Basic
• More recent releases include protection
• Recognized by many anti-virus programs
35
Virus Structure
• Components:
– Infection mechanism - enables replication
– Trigger - event that makes the payload activate
– Payload - what it does, the malicious activity
• Prepended / appended / embedded
• When the infected program is invoked, it executes the virus code and then the original program code
36
Phases of Virus
A typical virus goes through the phases of:
• Dormant
• Propagation
• Triggering
• Execution
37
Triggers of Virus Attacks
Attacks begin upon the occurrence of a certain event:
• On a certain date / time of year
• At a certain time of day
• When a certain job is run
• After cloning itself n times
• When a certain combination of keystrokes occurs
• When the computer is restarted
The virus code must put itself into a position to start either when the computer is turned on or when a specific program is run.
38
Protection against viruses
1. Education
2. Backup and recovery procedures
3. Isolate software libraries
4. Implement software library management
procedures
5. Develop a virus alert procedure
39
Worm
• A worm is a program that can replicate itself
• It is malicious s/w which does not require a host program for its execution.
• A replicating program that propagates over the network without infecting programs (does not attach itself to a program)
• A worm is non-destructive
• A worm can harm a computer system by filling main memory with its replicated copies.
40
Worm
• A worm is able to send multiple copies of itself to other computers on the network
• A worm can harm a network and consume network bandwidth.
• Has phases like a virus:
– Dormant, propagation, triggering, execution
– Propagation phase: searches for other systems, connects to them, copies itself to them and runs
41
Some Worm Attacks
• Code Red
– July 2001, exploiting an MS IIS bug
– probes random IP addresses, does DDoS attack
• Code Red II variant includes backdoor
• SQL Slammer
– early 2003, attacks MS SQL Server
• Mydoom
– mass-mailing e-mail worm that appeared in 2004
– installed remote access backdoor in infected systems
• Warezov family of worms
– scan for e-mail addresses, send in attachment
Virus vs Worm
Virus | Worm
A piece of code that attaches itself to another program | A malicious program that spreads automatically
Virus modifies code | Worm does not modify code
Some viruses cannot replicate themselves | It can replicate itself
Virus is destructive in nature | Worm is non-destructive
Aim of a virus is to infect other programs stored on the computer system | Aim of a worm is to make the computer or network unusable
Virus infects files | Worm does not infect other files but occupies memory space by replication
Virus may need a trigger for execution | Worm does not need any trigger
42
43
Insiders
• More dangerous than outside intruders
• Most difficult to detect and prevent
• Have access and knowledge to cause
immediate damage to an organization.
• Have knowledge of the security systems in
place and will be better able to avoid
detection.
• Employees are not the only insiders; other people such as contractors or partners also have access.
44
Insiders
For preventing insider attacks:
• Enforce least privilege: allow access only to the resources employees need to do their jobs
• Set up logging to see what users access and what commands they enter.
• Protect sensitive resources with strong authentication
• Upon termination, delete the employee's computer and network access.
45
Intruders
• Hacking means the act of accessing a computer system/network without authorization (this includes authorized users)
• Intruders are extremely patient, since the process of gaining access requires persistence and dogged determination
• If the first attack fails they try from a different angle (search for another possible vulnerability)
• If the second attack is blocked or fails, they try a third, and so on, until they find a vulnerability or gain access
46
Intruders
Levels
• At the low end are individuals who are not technically expert enough to develop new scripts or find new vulnerabilities
• They use ready-made (downloaded) scripts for known vulnerabilities
• At the next level are people who are capable of writing scripts to exploit known vulnerabilities.
• 8 to 12 % of malicious internet activity
• At the top end are the so-called elite hackers.
• Capable of writing scripts that exploit vulnerabilities.
• Also capable of discovering new vulnerabilities.
47
Intruders
• Often referred to as a hacker or cracker
• Three classes of intruders:
– Masquerader: An individual who is not authorized to
use the computer and who penetrates a system’s access
controls to exploit a legitimate user’s account
– Misfeasor: A legitimate user who accesses data,
programs, or resources for which such access is not
authorized, or who is authorized for such access but
misuses his or her privileges
– Clandestine user: An individual who seizes
supervisory control of the system and uses this control
to evade auditing and access controls or to suppress
audit collection
48
Intruders | Insiders
Intruders are authorized or unauthorized users who are trying to access the system or network | Insiders are authorized users who try to access a system or network for which they are unauthorized
Intruders are hackers or crackers | Insiders are not hackers
Intruders are illegal users | Insiders are legal users
Intruders are less dangerous | Insiders are more dangerous
Intruders have to study or gain knowledge about the security system | Insiders have knowledge about the security system
Intruders do not have access to the system | Insiders have easy access to the system
Many security mechanisms are used to protect from intruders | There is no such mechanism to protect the system from insiders
49
Criminal organizations
• Organized groups of hackers are now a threat
– Corporations / governments / loosely affiliated gangs
– Typically young
– Often target credit cards on e-commerce servers
• Criminal activities on the internet are the same as criminal activities in the physical world
– Fraud, extortion, theft, forgery
• Criminal hackers usually have specific targets
• Once penetrated, they act quickly and get out
• IDS / IPS help but are less effective
• Sensitive data needs strong protection
50
Terrorists and Information Warfare
• Nations are dependent on computers and networks
• Information warfare is conducted against information and information-processing equipment.
• It is a highly structured threat/attack
• It requires a longer period of penetration, large financial backing, and a large organized group of attackers
• Military forces are a key target
51
Avenues of Attack
• The two most frequent types of attacks:
– viruses and insider abuse.
• Two general reasons a particular computer system is attacked:
– It is specifically targeted by the attacker, not because of the hardware or software the organization is running but for some other reason, such as a political one
– Or it is an opportunistic target: the attack is conducted against a site that has hardware or software vulnerable to a specific exploit.
• Targeted attacks are more difficult and take more time than attacks on a target of opportunity
52
The Steps in an Attack
• The steps an attacker takes are similar to the ones a security consultant performing a penetration test would take.
– Gather as much information about the organization as possible.
– Determine what target systems are available and active:
1. Ping sweep: sends an ICMP echo request to the target machine.
2. Port scan to identify the open ports, which indicate the services running on the target machine.
3. Determine OS – refer
• An attacker can search for known vulnerabilities and tools that exploit them, download the information and tools, and then use them against a site.
• If the exploits do not work, other, less system-specific, attacks may be attempted.
53
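The first two reconnaissance steps above (ping sweep, port scan) are what a defender can detect in perimeter logs. This is an added example, not from the slides: it parses constructed firewall-style log lines in an assumed format and flags a source that touches many hosts with ICMP echo, or many (host, port) pairs over TCP, inside a sliding time window. All addresses are RFC 5737 documentation ranges.

```python
"""Detect the reconnaissance steps above (ICMP ping sweep, TCP port scan) in
constructed firewall log lines. Added example, not from the slides: the log
format is an assumption and all addresses are RFC 5737 documentation ranges."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line format: "<ISO timestamp> <proto> <src> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>icmp|tcp) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<dport>\d+)$"
)

SAMPLE_LOG = [
    # constructed: one source sends ICMP echo to six hosts within 30 s
    *[f"2024-01-01T10:00:{5 * i:02d} icmp 203.0.113.5 -> 192.0.2.{i + 1}:0"
      for i in range(6)],
    # constructed: the same source then probes eleven ports on one host
    *[f"2024-01-01T10:01:{i:02d} tcp 203.0.113.5 -> 192.0.2.3:{port}"
      for i, port in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389])],
    # constructed: an ordinary client pinging once and reusing HTTPS
    "2024-01-01T10:00:10 icmp 198.51.100.7 -> 192.0.2.3:0",
    "2024-01-01T10:00:12 tcp 198.51.100.7 -> 192.0.2.3:443",
    "2024-01-01T10:00:40 tcp 198.51.100.7 -> 192.0.2.3:443",
    "malformed line that a robust parser must skip",
]


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dport"] = int(ev["dport"])
    return ev


def _events_by_source(lines, proto):
    """Group parsed events of one protocol by source, sorted by time."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["proto"] == proto:
            by_src[ev["src"]].append(ev)
    for evs in by_src.values():
        evs.sort(key=lambda e: e["ts"])
    return by_src


def _sources_exceeding(by_src, key, threshold, window):
    """Sources that touch at least `threshold` distinct key values within
    some sliding time window of length `window`."""
    flagged = set()
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # shrink the window from the left until it spans at most `window`
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if len({key(e) for e in evs[start:end + 1]}) >= threshold:
                flagged.add(src)
                break
    return flagged


def detect_ping_sweep(lines, min_hosts=5, window=timedelta(seconds=60)):
    """Step 1 of the slide: one source sending ICMP echo to many hosts."""
    return _sources_exceeding(_events_by_source(lines, "icmp"),
                              lambda e: e["dst"], min_hosts, window)


def detect_port_scan(lines, min_ports=10, window=timedelta(seconds=60)):
    """Step 2 of the slide: one source probing many distinct (host, port) pairs."""
    return _sources_exceeding(_events_by_source(lines, "tcp"),
                              lambda e: (e["dst"], e["dport"]), min_ports, window)


if __name__ == "__main__":
    print("ping sweep sources:", sorted(detect_ping_sweep(SAMPLE_LOG)))
    print("port scan sources:", sorted(detect_port_scan(SAMPLE_LOG)))
```

The thresholds and window are tuning knobs: a client that legitimately talks to many services will look like a slow scan if the window is too wide, so they are set per environment.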
Security Attacks
54
Passive Attacks
• Eavesdropping on transmissions
• Attacker aims to obtain information in transit
– Release of possibly sensitive/confidential message
contents
– Traffic analysis which monitors frequency and
length of messages to get info on senders
• Does not perform any modification to data.
• Difficult to detect
• Can be prevented using encryption
55
Passive Attacks
56
Passive Attack Types
• Release of message contents
– A confidential message should be accessed only by authorized users; otherwise the message is released against our wishes
• Traffic analysis
– The attacker may try to find similarities between encoded messages for clues regarding the communication
57
Active Attacks
• The contents of the original message are modified by the attacker
• These attacks cannot be prevented easily.
• Types of active attack:
• Interruption
• Modification
• Fabrication
58
Active Attacks
• Masquerade
– pretending to be a different entity
• Replay
• Modification of messages
• Denial of service
• Easy to detect
– Detection may lead to deterrent
• Hard to prevent
– Focus on detection and recovery
59
Active Attacks
60
Denial of Service Attack
• The attacker is attempting to deny authorized users access to specific information.
• The aim of a DoS attack is to prevent access to the target system.
• A denial-of-service (DoS) attack aims at disrupting the authorized use of networks, systems, or applications.
60
61
SYN Flooding Attack
• Used to prevent the system from providing its services.
• Takes advantage of the trust relationship in the TCP handshake
[Figure: TCP 3-way handshake: SYN, SYN+ACK, ACK]
62
SYN Flooding Attack
• The attacker sends fake requests for communication
• Each of these requests is answered by the target system, which then waits for the third part of the handshake.
• Since the requests are fake, the target will wait for responses that will never come.
• The target system drops these connections only after a specific time-out period
63
SYN Flooding Attack
[Figure: the attacker sends SYNs with fake IP addresses; the target replies SYN+ACK to the fake addresses, reserves a connection and waits for an ACK that never arrives]
64
SYN Flooding Attack
• If the attacker sends requests faster than the time-out period eliminates them, the system will quickly be filled with requests.
• The number of connections a system can support is finite; when more requests come in than can be processed, the system will soon be reserving all its connections for fake requests.
• Any further requests are simply dropped
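The race between arrival rate and time-out described above can be made concrete by simulating the half-open connection table. This is an added example, not from the slides: the table capacity, time-out and traffic volumes are constructed, and the source addresses are RFC 5737 documentation ranges. It shows that once spoofed SYNs arrive faster than capacity / time-out, the table is reserved entirely for fake requests and legitimate SYNs are dropped, while a slower flood settles at about rate × time-out half-open entries and harms nobody.

```python
"""Half-open (SYN backlog) table simulation for the flooding described above.
Added example, not from the slides: capacity, time-out and traffic volumes are
constructed, and source addresses come from RFC 5737 documentation ranges."""
from collections import deque


def saturation_rate(capacity, timeout_s):
    """SYN arrivals per second above which a backlog of `capacity` entries fills
    faster than the `timeout_s` reaper drains it; in steady state the table
    holds about rate * timeout half-open entries."""
    return capacity / timeout_s


def simulate_syn_backlog(arrivals, capacity, timeout_ms):
    """Replay (time_ms, source, completes_handshake) SYN arrivals against a
    half-open table of fixed `capacity`. A spoofed SYN never gets its ACK, so
    its entry is held until `timeout_ms` passes; a legitimate client is
    modelled as completing the handshake at once, so it never holds a slot."""
    backlog = deque()  # expiry times; non-decreasing because arrivals are sorted
    stats = {"accepted": 0, "dropped": 0, "legit_dropped": 0, "peak_half_open": 0}
    for t, _src, completes in sorted(arrivals):
        # Reaper: free entries whose wait for the third handshake step timed out.
        while backlog and backlog[0] <= t:
            backlog.popleft()
        if len(backlog) >= capacity:
            # Table full: the SYN is dropped no matter who sent it.
            stats["dropped"] += 1
            if completes:
                stats["legit_dropped"] += 1
            continue
        stats["accepted"] += 1
        if not completes:
            backlog.append(t + timeout_ms)  # reserved for an ACK that never comes
            stats["peak_half_open"] = max(stats["peak_half_open"], len(backlog))
    return stats


def flood_scenario(attack_rate, duration_s, legit_interval_ms=1000):
    """Constructed traffic, times in integer milliseconds: spoofed SYNs at
    `attack_rate` per second for `duration_s` seconds, plus one legitimate SYN
    every `legit_interval_ms` (offset by 370 ms so it never ties with a flood packet)."""
    step = 1000 // attack_rate
    flood = [(i * step, f"203.0.113.{1 + i % 200}", False)
             for i in range(attack_rate * duration_s)]
    legit = [(t + 370, "198.51.100.7", True)
             for t in range(0, duration_s * 1000, legit_interval_ms)]
    return flood + legit


if __name__ == "__main__":
    capacity, timeout_s = 256, 30
    print(f"backlog saturates above {saturation_rate(capacity, timeout_s):.1f} SYN/s")
    for rate in (5, 20):  # one below and one above the saturation rate
        stats = simulate_syn_backlog(flood_scenario(rate, 60), capacity, timeout_s * 1000)
        print(f"{rate:>3} SYN/s:", stats)
```

The same arithmetic explains the usual mitigations: a larger table or a shorter time-out raises the saturation rate, and SYN cookies remove the per-connection reservation altogether.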
65
Ping of Death (POD) Attack
• In the POD attack, the attacker sends an Internet Control Message Protocol (ICMP) ping packet equal to or exceeding 64 KB.
• Certain systems were not able to handle this size of packet, and the system would hang or crash.
66
Distributed Denial of Service Attack
• DoS attacks are conducted using a single system
• A DoS attack employing multiple attacking systems is known as a distributed denial of service (DDoS) attack
• The goal of a DDoS attack is the same: to deny the use of or access to a specific service or system.
• The aim of DDoS is to overwhelm the target with traffic from many different systems.
67
Distributed Denial of Service Attack
68
Distributed Denial of Service Attack
• A network of attack agents (zombies) is created by the attacker.
• When the zombies/agents receive the command from the attacker, the agents commence sending a specific type of traffic against the target.
• Systems are compromised and the DDoS s/w agent is installed
• Sleeping zombies are activated after receiving the attack command.
69
Backdoors and Trapdoors
• Secret entry point into a program
• Allows those who know it to gain access, bypassing the usual security procedures
• Have been commonly used by developers
• A threat when left in production programs, allowing exploitation by attackers
• Very hard to block in an O/S
• Requires good s/w development & update practices
70
Sniffing
• A sniffer is software or hardware used to observe traffic as it passes through a network on shared broadcast media.
• Used to view all traffic, or to target a specific protocol, service, or string of characters such as logins.
• Some network sniffers are designed not just to observe all traffic but also to modify it.
• Network administrators use sniffers for monitoring traffic.
71
Sniffing
• Used for network bandwidth analysis
[Figure: attacker sniffing traffic on a shared network segment (R)]
Spoofing
• Spoofing
– A sophisticated way to authenticate one machine to another
by using forged packets
– Misrepresenting the sender of a message to cause the
human recipient to behave a certain way
• Two critical issues for internetworked systems
– Trust
– Authentication
• Authentication is less critical when there is more trust
• A computer can be authenticated by its IP address, IP
host address, or MAC address
• TCP/IP has a basic flaw that allows IP spoofing
• Trust and authentication have an inverse relationship
• Initial authentication is based on the source address in
trust relationships
• Most fields in a TCP header can be changed (forged)
72
73
Man-in-the-Middle Attack (MITM)
• A man-in-the-middle attack generally occurs when attackers are able to place themselves in the middle of two other hosts that are communicating, in order to view and/or modify the traffic.
[Figure: Host 1 and Host 2 believe they communicate directly; the traffic is actually sent to the attacker, who relays each message to the destination host]
74
Man-in-the-Middle Attack (MITM)
• This is done by ensuring that all communication going to or from the target host is routed through the attacker's host.
• The attacker can observe all traffic before relaying it, and can actually modify or block traffic.
• To the target host it appears that communication is occurring normally, since all expected replies are received
• A MITM attack can only be successful when the attacker can impersonate each endpoint to the satisfaction of the other.
75
Replay Attack
• A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.
• A replay attack is an attack where the attacker captures a portion of a communication between two parties and retransmits it after some time.
• The best way to prevent replay attacks is with encryption, cryptographic authentication and timestamps.
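The prevention described above, cryptographic authentication plus timestamps, can be put together as follows. This is an added example, not from the slides: the message layout (timestamp, random nonce and payload under an HMAC-SHA256 tag) and the shared key are constructed for illustration. The receiver checks the tag first, then freshness, then whether the nonce was already seen, so a captured message is rejected whether it is replayed seconds later, delayed for an hour, or altered in flight.

```python
"""Replay protection as described above: each message carries a timestamp and
a fresh nonce, both covered by an HMAC, and the receiver rejects anything
stale, altered or already seen. Added example, not from the slides: the
message layout and the shared key are constructed for illustration."""
import hashlib
import hmac
import json
import os
import time

MAX_SKEW_S = 30  # constructed: accept timestamps within +/- 30 s of receiver time


def _canonical(body):
    """Stable byte encoding so sender and receiver MAC exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_message(key, payload, now=None):
    """Sender side: timestamp + random nonce + payload, authenticated by HMAC-SHA256.
    `now` is injectable so the behaviour can be tested deterministically."""
    body = {
        "ts": int(time.time() if now is None else now),
        "nonce": os.urandom(16).hex(),
        "payload": payload,
    }
    return {"body": body, "tag": hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()}


class ReplayGuard:
    """Receiver side: the shared key plus the nonces seen inside the freshness window."""

    def __init__(self, key, max_skew_s=MAX_SKEW_S):
        self.key = key
        self.max_skew_s = max_skew_s
        self._seen = {}  # nonce -> timestamp, so expired nonces can be purged

    def verify(self, msg, now=None):
        """Return (accepted, reason). The MAC is checked first so that forged
        messages cannot poison the nonce cache or consume its memory."""
        now = int(time.time() if now is None else now)
        body = msg.get("body", {})
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(msg.get("tag", ""))):
            return False, "bad tag"
        ts, nonce = body.get("ts"), body.get("nonce")
        if not isinstance(ts, int) or not isinstance(nonce, str):
            return False, "malformed"
        if abs(now - ts) > self.max_skew_s:
            return False, "stale timestamp"  # delayed replay outside the window
        # Anything older than the window is rejected as stale above, so its
        # nonce no longer needs to be remembered.
        cutoff = now - self.max_skew_s
        self._seen = {n: t for n, t in self._seen.items() if t >= cutoff}
        if nonce in self._seen:
            return False, "replay"  # same authenticated message seen again
        self._seen[nonce] = ts
        return True, "ok"


def demo(now=1_700_000_000):
    """Walk one message through the cases on the slide; returns the verdicts."""
    key = b"constructed-shared-key"  # placeholder; real keys come from a key exchange or KMS
    guard = ReplayGuard(key)
    msg = make_message(key, {"action": "transfer", "amount": 100}, now=now)
    verdicts = [
        guard.verify(msg, now=now)[1],          # genuine first delivery
        guard.verify(msg, now=now + 5)[1],      # captured and retransmitted seconds later
        guard.verify(msg, now=now + 3600)[1],   # retransmitted an hour later
    ]
    tampered = {"body": dict(msg["body"], payload={"action": "transfer", "amount": 9999}),
                "tag": msg["tag"]}
    verdicts.append(guard.verify(tampered, now=now)[1])  # modified in flight
    return verdicts


if __name__ == "__main__":
    print(demo())  # ['ok', 'replay', 'stale timestamp', 'bad tag']
```

The timestamp bounds how long nonces must be remembered; without it the receiver would have to store every nonce forever to keep rejecting old captures.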
76
Malware
• The term malware is also known as malicious code.
• Malware refers to S/W that has been designed for some nefarious purpose.
• Designed to cause damage to a system, such as deleting all files
• It may be designed to create a backdoor in the system in order to grant access to unauthorized users.
• There are different types of malicious S/W, such as viruses, worms, Trojan horses and logic bombs.
• Malicious code runs under the user's authority.
• Malicious code can read, write, modify, append or even delete data or files without the user's permission.
77
Logic Bomb
• One of the oldest types of malicious software
• Code embedded in a legitimate program
• Activated when specified conditions are met
– e.g. presence/absence of some file
– particular date/time
– particular user
• When triggered, typically damages the system
– modify/delete files/disks
78
Trojan Horse
• Program with hidden side-effects
• Which is usually superficially attractive
– e.g. game, s/w upgrade etc.
• When run, performs some additional tasks
– allows the attacker to indirectly gain access they do not have directly
• Often used to propagate a virus/worm or install a backdoor
• Or simply to destroy data
79
Zombie
• Program which secretly takes over another networked computer
• Then uses it to indirectly launch attacks
• Often used to launch distributed denial of service (DDoS) attacks
• Exploits known flaws in network systems

On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Tatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf artsTatlong Kwento ni Lola basyang-1.pdf arts
Tatlong Kwento ni Lola basyang-1.pdf arts
 
Economic Importance Of Fungi In Food Additives
Economic Importance Of Fungi In Food AdditivesEconomic Importance Of Fungi In Food Additives
Economic Importance Of Fungi In Food Additives
 
How to Add a Tool Tip to a Field in Odoo 17
How to Add a Tool Tip to a Field in Odoo 17How to Add a Tool Tip to a Field in Odoo 17
How to Add a Tool Tip to a Field in Odoo 17
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
Our Environment Class 10 Science Notes pdf
Our Environment Class 10 Science Notes pdfOur Environment Class 10 Science Notes pdf
Our Environment Class 10 Science Notes pdf
 
AIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.pptAIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.ppt
 
Model Attribute _rec_name in the Odoo 17
Model Attribute _rec_name in the Odoo 17Model Attribute _rec_name in the Odoo 17
Model Attribute _rec_name in the Odoo 17
 
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
 
Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111
 
Play hard learn harder: The Serious Business of Play
Play hard learn harder:  The Serious Business of PlayPlay hard learn harder:  The Serious Business of Play
Play hard learn harder: The Serious Business of Play
 
OSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsOSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & Systems
 

Ch1 cse

8. Confidentiality
• Preserving authorized restrictions on information access and disclosure
• Protecting personal privacy and proprietary information
• Loss of confidentiality is the unauthorized disclosure of information.

9. Integrity
• Guarding against improper information modification or destruction
• Loss of integrity is the unauthorized modification or destruction of information.
[Figure: A sends data to B; an attacker on the path modifies the data in transit]

10. Availability
• Ensuring timely and reliable access to and use of information
• Loss of availability is the disruption of access to or use of information.
• Assures that systems work promptly and that service is not denied to authorized users.

11. Authentication
• Authentication is the process of verifying that a communicating entity is the one it claims to be.
• Authenticity is the property of being genuine, valid or trusted.
• Authentication helps to establish proof of identity.
• Authentication gives confidence in the validity of a transmission, a message, or its originator.
• The task of an authentication mechanism is to make sure that only valid users are admitted.

12. Authentication methods
• Something you know: authentication based on what the user remembers. Ex. username and password.
• Something you have: authentication based on something the user has to carry. Ex. access card.
• Something you are: authentication based on a human's unique physical characteristics (biometrics).

13. Access control
• Access is the ability of a subject to interact with an object.
• Access control is the ability to specify, control and limit access to the host system or application; it prevents unauthorized users from accessing or modifying data or resources.
• In short: prevention of the unauthorized use of a resource.

14. Non-repudiation
• Non-repudiation prevents either the sender or the receiver from denying a transmitted message.
• Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the message.
• Similarly, when a message is received, the sender can prove that the alleged receiver in fact received the message.

15. Authorization
• Authorization is the process of verifying that a known (already authenticated) person has the authority to perform a certain operation.
• Authorization cannot occur without authentication.
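The three factors on slide 12 and the authentication-before-authorization rule on slide 15, as an added worked example (not code from the deck): a password check ("something you know", stored as a salted PBKDF2 hash) combined with a TOTP code from an authenticator token ("something you have", RFC 6238 on top of RFC 4226 HOTP), and an authorization step that refuses any request without an authenticated principal. The user record, roles and policy are constructed; the TOTP secret is the RFC 4226 test-vector key.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional


def make_password_record(password: str, iterations: int = 200_000) -> dict:
    """Store a password only as a salted PBKDF2-HMAC-SHA256 hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify_password(record: dict, password: str) -> bool:
    """Something you know: recompute the hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP whose counter is the number of `step`-second
    intervals since the Unix epoch."""
    return hotp(secret, now // step, digits)


def verify_totp(secret: bytes, code: str, now: int, step: int = 30, skew: int = 1) -> bool:
    """Something you have: accept the code for the current step and +/- `skew`
    neighbouring steps to tolerate clock drift between token and server."""
    return any(hmac.compare_digest(totp(secret, now + d * step, step), code)
               for d in range(-skew, skew + 1))


TOTP_SECRET = b"12345678901234567890"   # RFC 4226 test-vector key (constructed use)

# Constructed user store and authorization policy (illustration only).
USERS = {
    "alice": {
        "password": make_password_record("correct horse battery staple"),
        "totp_secret": TOTP_SECRET,
        "roles": {"analyst"},
    }
}
POLICY = {"read_logs": {"analyst", "admin"}, "delete_logs": {"admin"}}


def authenticate(username: str, password: str, code: str, now: int) -> Optional[str]:
    """Return the principal name only when BOTH factors verify, otherwise None.
    Both factors are always evaluated, so a wrong password and a wrong code take
    the same path and the reply does not reveal which one failed."""
    user = USERS.get(username)
    if user is None:
        return None
    ok = verify_password(user["password"], password)
    ok = verify_totp(user["totp_secret"], code, now) and ok
    return username if ok else None


def authorize(principal: Optional[str], operation: str) -> bool:
    """Authorization cannot occur without authentication: with no authenticated
    principal there is nothing to look up in the policy, so the answer is no."""
    if principal is None or principal not in USERS:
        return False
    return bool(USERS[principal]["roles"] & POLICY.get(operation, set()))
```

Accepting neighbouring time steps in `verify_totp` widens the window in which a captured code stays valid; RFC 6238 therefore also recommends remembering the last accepted step so that the same code cannot be used twice.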
16. Example of security impact: Low
• A loss would have a limited adverse effect on organizational operations, assets or individuals:
• some degradation in mission capability
• reduced effectiveness of functions
• minor damage to assets
• minor financial loss
• minor harm to individuals

17. Example of security impact: Moderate
• A loss would have a serious adverse effect on organizational operations, assets or individuals:
• significant degradation in mission capability
• significantly reduced effectiveness of functions
• significant damage to assets
• significant financial loss
• significant harm to individuals

18. Example of security impact: High
• A loss would have a severe adverse effect on organizational operations, assets or individuals:
• severe degradation in mission capability; the organization is not able to perform one or more of its primary functions
• major damage to assets
• major financial loss
• major harm to individuals
19. Challenges for security
• Security is not simple: the requirements (confidentiality, integrity, availability) are easy to state, but the mechanisms that meet them are complex.
• When designing a security mechanism, consider the potential attacks against it.
• It is necessary to decide where to use the mechanisms (physical placement in the network and logical placement in the protocol stack).
• Security mechanisms typically involve more than one protocol or algorithm, and they raise the further problem of secret information (e.g. encryption keys) that must itself be created, distributed and protected.

20. Challenges for security (continued)
• Security is a battle of wits between the attacker and the administrator/designer: the attacker needs to find only one weakness, the designer must find and close all of them.
• Human tendency: there is little perceived benefit from security investment until a security failure occurs.
• Security requires regular, constant monitoring.
• It is essential to build security in at design time rather than to add it after the design is complete; in practice security is often an afterthought.
• Tendency to see strong security as an obstacle to efficient and user-friendly operation.

21. Model for security
Security means protecting assets, and the assets are:
• Hardware
• Software
• Data
• Communication facilities and networks
The following are the possible consequences of vulnerabilities:
• Data can be corrupted (integrity).
• Data can leak (confidentiality).
• Data can be unavailable (availability).
22. Risk and threat analysis: Risk
• Risk is the potential for an incident or attack that causes damage to the system.
• An attack is carried out by a sequence of actions, such as exploiting weak points (vulnerabilities).

23. Risk and threat analysis: Risk analysis
• Risk analysis is the review of the data gathered and the analysis of the risk.
• The risk assessment team determines asset values, system criticality, likely threats, and the existence of vulnerabilities.
• Risk calculation (a qualitative model): Risk = Assets × Threats × Vulnerabilities. If any factor is absent (nothing of value, no threat, or no vulnerability) there is no risk, and reducing any one factor reduces the risk.

24. Risk and threat analysis: Assets
• Those items that an organization wishes to protect.
• An asset can be any data, device or other component that supports information-related activity.
• Assets can be hardware, software, or confidential information.
• Valuing the assets scopes and guides the security risk assessment.

25. Risk and threat analysis: Threats
• An undesired event that may result in loss, disclosure or damage to an organizational asset.
• A threat is the potential for a violation of security.
• A threat exists when there is a circumstance, capability, action or event that could breach security.
• Threats can be identified by the damage they would do to an asset, for example:
• spoofing the identity of users
• disclosure of information
• users obtaining more privileges than they should have

26. Risk and threat analysis: Vulnerability
• A vulnerability is a weakness in the information infrastructure of the organization.
• It can be exploited, accidentally or intentionally, to damage an asset.
• Examples of vulnerabilities:
• programs with unnecessary privilege
• accounts whose default password has not been changed
• programs with known faults
• weak access control
• weak firewall rules
27. Threats to security
• Viruses
• Worms
• Intruders
• Insiders
• Criminal organizations
• Terrorists
• Information warfare

28. Viruses
• A piece of software that infects programs by modifying them to include a copy of the virus, so that it executes secretly when the host program is run.
• Specific to an operating system and hardware platform, taking advantage of their details and weaknesses.
• A typical virus goes through the phases: dormant, propagation, triggering, execution.

29. Virus
• A virus attaches itself to a program and propagates copies of itself to other programs.
• The essential component of a virus is a set of instructions which, when executed, spreads itself to other, previously unaffected, programs or files.
• It performs two functions:
I. It copies itself into previously uninfected programs or files.
II. It executes whatever other instructions the virus author included.

30. Virus
• It may cause damage simply by replicating itself and taking up system resources: disk space, CPU time, or network connections.
• A virus is a program that can pass on malicious code to other non-malicious programs by modifying them.
• The term "virus" was coined because it acts like a biological virus.
• A virus can be either transient or resident:
• A transient virus has a life that depends on the life of its host: it runs when its attached program executes and terminates when that program ends.
• A resident virus locates itself in memory; it can remain active, or be activated as a stand-alone program, even after its attached program ends.

31. Virus classification
• Boot sector
• File infector
• Macro virus
• Stealth virus
• Polymorphic virus
• Metamorphic virus

32. Types of viruses
Viruses can be classified on the basis of how they attack:
• Parasitic virus: attaches itself to executable files and replicates.
• Memory-resident virus: lodges in main memory and infects every program that executes.
• Boot sector virus: infects a boot record and spreads when the system is booted from the disk.

33. Virus types
• Stealth virus: hides the modifications it has made to a file or boot record by monitoring the system functions used by programs to read files or physical blocks from storage media, so that it goes undetected by anti-virus programs.
• Polymorphic virus: produces varied but fully operational copies of itself, in an attempt to avoid signature detection.
• Metamorphic virus: like a polymorphic virus, but it rewrites its entire body on each infection rather than only re-encoding it, so there is no constant part to match.

34. Macro virus
• Became very common in the mid-1990s since it is platform independent, infects documents rather than executables, and is easily spread.
• Exploits the macro capability of office applications: an executable program embedded in an office document, often a form of Basic.
• More recent releases of office software include protection.
• Recognized by many anti-virus programs.

35. Virus structure
• Components:
• Infection mechanism: enables replication.
• Trigger: the event that makes the payload activate.
• Payload: what it does, the malicious activity.
• The virus code may be prepended, appended or embedded in the host program.
• When the infected program is invoked, the virus code executes first, then the original program code.

36. Phases of a virus
A typical virus goes through the phases:
• Dormant: the virus is idle, waiting for a trigger.
• Propagation: the virus places a copy of itself into other programs or disk areas.
• Triggering: the virus is activated to perform its function (by one of the triggers on the next slide).
• Execution: the payload runs.

37. Triggers of virus attacks
Attacks begin upon the occurrence of a certain event:
• on a certain date or time of year
• at a certain time of day
• when a certain job is run
• after cloning itself n times
• when a certain combination of keystrokes occurs
• when the computer is restarted
The virus code must put itself into a position to start either when the computer is turned on or when a specific program is run.

38. Protection against viruses
1. Education
2. Backup and recovery procedures
3. Isolate software libraries
4. Implement software library management procedures
5. Develop a virus alert procedure
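Slides 33, 35 and 38 together explain why a scanner that looks for a fixed byte pattern is beaten by a polymorphic copy, while a baseline of file hashes (part of the backup and software-library discipline of slide 38) still reveals the modification. The following is an added illustration, not code from the deck: it simulates a prepending file infector on three placeholder "programs" in a temporary directory. The signature, the files and the XOR "polymorphic" encoding are constructed stand-ins; no real malware is involved.

```python
import hashlib
import os
import shutil
import tempfile

# Constructed signature: the byte pattern a signature-based scanner looks for.
SIGNATURE = b"VIRUS_PAYLOAD_v1"


def file_hashes(root):
    """SHA-256 of every file under root, keyed by path relative to root."""
    hashes = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                hashes[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return hashes


def integrity_check(root, baseline):
    """Paths whose current hash differs from the baseline taken while the tree
    was known clean (covers modified, removed and newly added files)."""
    current = file_hashes(root)
    return {p for p in set(baseline) | set(current) if baseline.get(p) != current.get(p)}


def signature_scan(root):
    """Paths containing the known byte pattern."""
    hits = set()
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                if SIGNATURE in fh.read():
                    hits.add(os.path.relpath(path, root))
    return hits


def infect_prepend(path, payload):
    """Simulate a prepending file infector: the 'virus' bytes go first, so they
    would run before the original program, which is kept intact after them."""
    with open(path, "rb") as fh:
        original = fh.read()
    with open(path, "wb") as fh:
        fh.write(payload + b"\n" + original)


def polymorphic_variant(payload, key):
    """A polymorphic copy: same payload, different bytes. The body is XOR-encoded
    with a per-copy key and a small 'decoder' stub is prefixed. Both the stub and
    the payload are placeholder bytes, not executable code."""
    encoded = bytes(b ^ key for b in payload)
    return b"DECODER(key=%d):" % key + encoded


def demo():
    """Build a clean tree, take the baseline, infect two files, run both checks."""
    root = tempfile.mkdtemp()
    try:
        for name in ("editor", "shell", "calc"):            # three clean 'programs'
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"#!benign program " + name.encode() + b"\n")
        baseline = file_hashes(root)                         # taken while clean
        infect_prepend(os.path.join(root, "editor"), SIGNATURE)                        # plain copy
        infect_prepend(os.path.join(root, "shell"), polymorphic_variant(SIGNATURE, 0x5A))  # mutated copy
        return {"signature_scan": signature_scan(root),
                "integrity_check": integrity_check(root, baseline)}
    finally:
        shutil.rmtree(root)
```

The signature scan only catches the unmodified copy; the hash baseline catches both, because it does not need to know what the infection looks like, only what the clean file looked like. The price is that the baseline must be taken on a known-clean system and stored where the infection cannot rewrite it.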
39. Worm
• A worm is a program that can replicate itself.
• It is malicious software which does not require a host program for its execution.
• A replicating program that propagates over the network without infecting programs (it does not attach itself to a program).
• A worm is usually described as non-destructive in the sense that it does not modify host files; it still causes harm by consuming resources.
• A worm can harm a computer system by filling main memory with its replicated copies.

40. Worm
• A worm is able to send multiple copies of itself to other computers on the network.
• A worm can harm a network by consuming network bandwidth.
• It has phases like a virus: dormant, propagation, triggering, execution.
• Propagation phase: searches for other systems, connects to one, copies itself to it and runs there.

41. Some worm attacks
• Code Red: July 2001, exploiting an MS IIS bug; probes random IP addresses and performs a DDoS attack. The Code Red II variant includes a backdoor.
• SQL Slammer: early 2003, attacks MS SQL Server.
• Mydoom: mass-mailing e-mail worm that appeared in 2004; installed a remote-access backdoor on infected systems.
• Warezov family of worms: scan for e-mail addresses and send themselves as an attachment.

42. Virus vs worm
• Virus: a piece of code that attaches itself to another program. Worm: a malicious program that spreads automatically.
• Virus: modifies the host's code. Worm: does not modify code.
• Virus: some viruses cannot replicate on their own. Worm: replicates itself.
• Virus: destructive in nature. Worm: non-destructive to files (its damage comes from resource consumption).
• Virus: aims to infect other programs stored on the computer system. Worm: aims to make the computer or network unusable.
• Virus: infects files. Worm: does not infect other files but occupies memory space by replication.
• Virus: may need a trigger for execution. Worm: does not need any trigger.
43. Insiders
• More dangerous than outside intruders.
• Most difficult to detect and prevent.
• Have the access and knowledge to cause immediate damage to an organization.
• Have knowledge of the security systems in place and are therefore better able to avoid detection.
• Employees are not the only insiders: contractors or partners also have access.

44. Insiders: preventing insider attacks
• Enforce least privilege: allow access only to the resources an employee needs to do their job.
• Set up logging to see what users access and what commands they enter.
• Protect sensitive resources with strong authentication.
• Upon termination, delete the employee's computer and network access.

45. Intruders
• Hacking means the act of accessing a computer system or network without authorization (this includes authorized users exceeding their authorization).
• Intruders are extremely patient, since the process of gaining access requires persistence and dogged determination.
• If the first attack fails they try from a different angle (search for another possible vulnerability).
• If the second attack is blocked or fails, they try a third, and so on, until they find a vulnerability or gain access.

46. Intruder levels
• At the low end are individuals who are not technically expert enough to develop new scripts or find new vulnerabilities; they use ready-made (downloaded) scripts for known vulnerabilities.
• At the next level are people capable of writing scripts to exploit known vulnerabilities (about 8 to 12% of malicious internet activity).
• At the top end are the elite hackers: capable of writing scripts that exploit vulnerabilities, and also of discovering new vulnerabilities.

47. Intruders
• Often referred to as a hacker or cracker.
• Three classes of intruders:
• Masquerader: an individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account.
• Misfeasor: a legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges.
• Clandestine user: an individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection.

48. Intruders vs insiders
• Intruders are authorized or unauthorized users trying to access the system or network. Insiders are authorized users who try to access systems or networks for which they are not authorized.
• Intruders are hackers or crackers. Insiders are not hackers.
• Intruders are illegal users. Insiders are legal users.
• Intruders are less dangerous. Insiders are more dangerous.
• Intruders have to study or gain knowledge about the security system. Insiders already have knowledge of the security system.
• Intruders do not have access to the system. Insiders have easy access to the system.
• Many security mechanisms protect against intruders. There is no comparable mechanism to protect the system from an insider.

49. Criminal organizations
• Organized groups of hackers are now a threat: corporations, governments, or loosely affiliated gangs, typically young, often targeting credit cards on e-commerce servers.
• Criminal activities on the internet are the same as criminal activities in the physical world: fraud, extortion, theft, forgery.
• Criminal hackers usually have specific targets.
• Once they have penetrated a system, they act quickly and get out.
• IDS / IPS help, but are less effective against them.
• Sensitive data needs strong protection.

50. Terrorists and information warfare
• Nations are dependent on computers and networks.
• Information warfare is conducted against information and information-processing equipment.
• It is a highly structured threat/attack.
• It requires a longer period of penetration, large financial backing, and a large organized group of attackers.
• Military forces are a key target.
51. Avenues of attack
• The two most frequent types of attack: viruses and insider abuse.
• Two general reasons a particular computer system is attacked:
• It is specifically targeted by the attacker, not because of the hardware or software the organization is running but for some other reason, such as a political one.
• Or it is an opportunistic target: the attack is conducted against a site that has hardware or software vulnerable to a specific exploit.
• Targeted attacks are more difficult and take more time than attacks on a target of opportunity.

52. The steps in an attack
• The steps an attacker takes are similar to the ones a security consultant performing a penetration test would take:
• gather as much information about the organization as possible;
• determine what target systems are available and active:
1. ping sweep: sends an ICMP echo request to each target machine;
2. port scan: identifies the open ports, which indicate the services running on the target machine;
3. determine the OS.
• An attacker can search for known vulnerabilities and tools that exploit them, download the information and tools, and then use them against the site.
• If the exploits do not work, other, less system-specific attacks may be attempted.
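The ping sweep and port scan of slide 52 look quite different from the defender's side. The following added detection example (not part of the deck) runs two sliding-window heuristics over constructed, netfilter-style log lines: one source sending ICMP echo requests to many hosts, and one source sending TCP SYNs to many ports on one host. The log format and the thresholds are assumptions for the sample.

```python
import re
from collections import defaultdict

# Constructed log lines in a netfilter-style key=value layout (illustration only):
# one external host pings five internal hosts, then SYN-scans six ports on one of
# them; an internal host makes two ordinary connections and one ping.
SAMPLE_LOG = """\
t=100 SRC=203.0.113.9 DST=10.0.0.1 PROTO=ICMP TYPE=8
t=100 SRC=203.0.113.9 DST=10.0.0.2 PROTO=ICMP TYPE=8
t=101 SRC=203.0.113.9 DST=10.0.0.3 PROTO=ICMP TYPE=8
t=101 SRC=203.0.113.9 DST=10.0.0.4 PROTO=ICMP TYPE=8
t=102 SRC=203.0.113.9 DST=10.0.0.5 PROTO=ICMP TYPE=8
t=105 SRC=203.0.113.9 DST=10.0.0.2 PROTO=TCP DPT=21 FLAGS=S
t=105 SRC=203.0.113.9 DST=10.0.0.2 PROTO=TCP DPT=22 FLAGS=S
t=105 SRC=203.0.113.9 DST=10.0.0.2 PROTO=TCP DPT=23 FLAGS=S
t=106 SRC=203.0.113.9 DST=10.0.0.2 PROTO=TCP DPT=25 FLAGS=S
t=106 SRC=203.0.113.9 DST=10.0.0.2 PROTO=TCP DPT=80 FLAGS=S
t=106 SRC=203.0.113.9 DST=10.0.0.2 PROTO=TCP DPT=443 FLAGS=S
t=300 SRC=10.0.0.50 DST=10.0.0.1 PROTO=ICMP TYPE=8
t=300 SRC=10.0.0.50 DST=10.0.0.2 PROTO=TCP DPT=443 FLAGS=S
t=301 SRC=10.0.0.50 DST=10.0.0.2 PROTO=TCP DPT=22 FLAGS=S
"""

LINE = re.compile(r"t=(?P<t>\d+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
                  r"(?: TYPE=(?P<type>\d+))?(?: DPT=(?P<dpt>\d+))?(?: FLAGS=(?P<flags>\S+))?")


def parse(log):
    """Yield (t, src, dst, proto, icmp_type, dport, flags) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            d = m.groupdict()
            yield int(d["t"]), d["src"], d["dst"], d["proto"], d["type"], d["dpt"], d["flags"]


def detect(log, window=60, sweep_hosts=4, scan_ports=5):
    """Sliding-window heuristics for the two reconnaissance steps:
       ping sweep: one source sends ICMP echo requests (type 8) to >= sweep_hosts
                   distinct hosts within `window` seconds;
       port scan:  one source sends TCP SYNs to >= scan_ports distinct ports on one
                   host within `window` seconds.
    The thresholds are constructed for the sample; tune them to the real network."""
    echo_targets = defaultdict(list)   # src -> [(t, dst)]
    syn_ports = defaultdict(list)      # (src, dst) -> [(t, dport)]
    alerts = set()
    for t, src, dst, proto, icmp_type, dport, flags in parse(log):
        if proto == "ICMP" and icmp_type == "8":
            events = echo_targets[src]
            events.append((t, dst))
            events[:] = [(ts, d) for ts, d in events if t - ts <= window]   # drop old events
            if len({d for _, d in events}) >= sweep_hosts:
                alerts.add(("ping_sweep", src))
        elif proto == "TCP" and flags == "S" and dport is not None:
            events = syn_ports[(src, dst)]
            events.append((t, dport))
            events[:] = [(ts, p) for ts, p in events if t - ts <= window]
            if len({p for _, p in events}) >= scan_ports:
                alerts.add(("port_scan", src, dst))
    return alerts
```

Counting distinct destinations rather than raw packets is what separates a scan from a busy but legitimate client: the internal host in the sample talks to two ports and one ping target and raises nothing. A slow scan spread over longer than the window still evades this rule, which is why production detectors also keep longer-term per-source counters.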
54. Passive attacks
• Eavesdropping on transmissions.
• The attacker aims to obtain information in transit:
• release of possibly sensitive/confidential message contents;
• traffic analysis, which monitors the frequency and length of messages to obtain information about the senders.
• Does not perform any modification to the data.
• Difficult to detect.
• Can be prevented using encryption.

56. Passive attack types
• Release of message contents: a confidential message should be accessible only to authorized users; otherwise the message is released against our wishes.
• Traffic analysis: the attacker tries to find patterns in the encrypted messages (who talks to whom, how often, how much) for clues about the communication.

57. Active attacks
• The contents of the original message are modified by the attacker.
• These attacks cannot be prevented easily.
• Types of active attack: interruption, modification, fabrication.

58. Active attacks
• Masquerade: pretending to be a different entity.
• Replay.
• Modification of messages.
• Denial of service.
• Easy to detect, and detection may act as a deterrent.
• Hard to prevent, so the focus is on detection and recovery.
60. Denial of service attack
• The attacker attempts to deny authorized users access to specific information.
• The aim of a DoS attack is to prevent access to the target system.
• A denial-of-service (DoS) attack aims at disrupting the authorized use of networks, systems, or applications.

61. SYN flooding attack
• Used to deny services to the system.
• Takes advantage of the TCP three-way handshake: the server commits resources after the first message (SYN), before the client has proved it can answer.
[Figure: TCP 3-way handshake; client sends SYN, server replies SYN+ACK, client sends ACK]

62. SYN flooding attack
• The attacker sends fake requests for communication (SYNs with forged source addresses).
• Each of these requests is answered by the target system, which then waits for the third part of the handshake.
• Since the requests are fake, the target waits for responses that will never come.
• The target system drops these half-open connections only after a specific time-out period.

63. SYN flooding attack
[Figure: attacker sends SYNs with fake IP addresses; the target replies SYN+ACK to the fake addresses, reserves a connection and waits for an ACK that never arrives]

64. SYN flooding attack
• If the attacker sends requests faster than the time-out period eliminates them, the system quickly fills up with half-open requests.
• The number of connections a system can support is finite; when more requests come in than can be processed, the system will soon be reserving all its connection slots for fake requests.
• Any further requests, including legitimate ones, are simply dropped.
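Slides 61 to 64 describe the backlog problem; the added simulation below (not code from the deck) models it with two listeners: a stateful one that keeps a half-open entry per SYN, and one that uses SYN cookies, where the server's initial sequence number is an HMAC over the client address, port and time slice, so nothing is stored until a valid ACK returns. The address ranges, rates, backlog size and cookie construction are constructed for the illustration; real SYN cookies also encode the MSS and use a much smaller MAC that fits the 32-bit sequence number.

```python
import hashlib
import hmac


class StatefulListener:
    """Classic handshake handling: every SYN reserves a half-open slot until the
    peer's ACK arrives or the slot times out. The backlog is finite."""

    def __init__(self, backlog=128, timeout=60):
        self.backlog, self.timeout = backlog, timeout
        self.half_open = {}          # (client_ip, client_port) -> time the SYN arrived
        self.dropped = 0
        self.established = 0

    def _expire(self, now):
        for key in [k for k, t in self.half_open.items() if now - t > self.timeout]:
            del self.half_open[key]

    def on_syn(self, now, client):
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            self.dropped += 1        # backlog full: the SYN is silently discarded
            return None
        self.half_open[client] = now
        return 0                     # placeholder ISN for the SYN+ACK

    def on_ack(self, now, client, ack_number=None):
        self._expire(now)
        if client in self.half_open:
            del self.half_open[client]
            self.established += 1
            return True
        return False


class SynCookieListener:
    """SYN cookies: the server stores nothing per SYN. The ISN it sends is a MAC
    over the client address/port and the current time slice, so only a client
    that really received the SYN+ACK can return ISN+1 in its ACK."""

    def __init__(self, key=b"server-side secret (constructed)", slice_len=60):
        self.key, self.slice_len = key, slice_len
        self.established = 0

    def _cookie(self, client, time_slice):
        msg = ("%s:%d:%d" % (client[0], client[1], time_slice)).encode()
        return int.from_bytes(hmac.new(self.key, msg, hashlib.sha256).digest()[:4], "big")

    def on_syn(self, now, client):
        return self._cookie(client, now // self.slice_len)   # ISN for SYN+ACK; no state kept

    def on_ack(self, now, client, ack_number):
        t = now // self.slice_len
        for ts in (t, t - 1):        # current slice and the previous one (ACK may straddle a boundary)
            if ack_number == (self._cookie(client, ts) + 1) & 0xFFFFFFFF:
                self.established += 1
                return True
        return False                 # forged or expired cookie


def simulate(listener, flood_rate=10, flood_seconds=30):
    """Flood the listener with spoofed SYNs (no ACK ever follows, because the
    SYN+ACK goes to a forged address), then let one legitimate client try."""
    now = 0
    for now in range(flood_seconds):
        for i in range(flood_rate):
            fake = ("198.51.100.%d" % (i % 250 + 1), 1024 + now * flood_rate + i)
            listener.on_syn(now, fake)
    client = ("192.0.2.7", 40000)
    isn = listener.on_syn(now + 1, client)
    if isn is None:
        return False                 # SYN dropped: the legitimate client gets no service
    return listener.on_ack(now + 2, client, (isn + 1) & 0xFFFFFFFF)
```

With 300 spoofed SYNs in 30 seconds against a backlog of 128 and a 60-second timeout, the stateful listener is full when the real client arrives; the cookie listener has nothing to fill, and a forged ACK without the right cookie is rejected rather than costing it a slot.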
65. Ping of Death (PoD) attack
• In the PoD attack, the attacker sends an ICMP ping packet whose reassembled size exceeds 65,535 bytes, the maximum size of an IP packet (the packet is sent as fragments that reassemble past that limit).
• Certain systems were not able to handle a packet of this size, and the system would hang or crash.

66. Distributed denial of service attack
• A DoS attack is conducted using a single system.
• A DoS attack employing multiple attacking systems is known as a distributed denial of service (DDoS) attack.
• The goal of a DDoS attack is the same: to deny the use of or access to a specific service or system.
• The aim of DDoS is to overwhelm the target with traffic from many different systems.

67. Distributed denial of service attack
[Figure: distributed denial of service attack]

68. Distributed denial of service attack
• The attacker creates a network of attack agents (zombies).
• Systems are compromised and DDoS software (the agent) is installed on them.
• Sleeping zombies are activated when they receive the attack command.
• When the zombies/agents receive the command from the attacker, they commence sending a specific type of traffic against the target.
69. Backdoors and trapdoors
• A secret entry point into a program.
• Allows those who know about it to gain access, bypassing the usual security procedures.
• Have commonly been used by developers.
• A threat when left in production programs, allowing exploitation by attackers.
• Very hard to block at the operating-system level.
• Requires good software development and update practices.

70. Sniffing
• A sniffer is software or hardware used to observe traffic as it passes through a network on shared broadcast media.
• Used to view all traffic, or to target a specific protocol, service, or string of characters such as logins.
• Some network sniffers are designed not just to observe all traffic but also to modify it.
• Network administrators use sniffers for monitoring traffic.

71. Sniffing
• Also used for network bandwidth analysis.
[Figure: attacker's sniffer attached to the shared segment behind router R]

72. Spoofing
• Spoofing: impersonating one machine to another by using forged packets, or misrepresenting the sender of a message to cause the human recipient to behave in a certain way.
• Two critical issues for internetworked systems: trust and authentication.
• Trust and authentication have an inverse relationship: the more one host trusts another, the less it authenticates it.
• A computer may be "authenticated" by its IP address, host address, or MAC address, and in trust relationships the initial authentication is based on the source address.
• TCP/IP has a basic flaw that allows IP spoofing: most fields in an IP/TCP header, including the source address, can be changed (forged).
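Slide 72's point that the source address is not authentication can be seen by building a packet. The added example below (not from the deck) assembles a 20-byte IPv4 header with an arbitrary source address and a correct header checksum, parses it back, and applies the ingress filter a border router should use (drop packets that arrive on the external interface with an internal source address). The addresses and the internal prefix are constructed; nothing is sent on the wire.

```python
import ipaddress
import struct

IPV4_FMT = "!BBHHHBBH4s4s"   # ver/ihl, tos, total len, id, flags/frag, ttl, proto, csum, src, dst


def ipv4_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (odd length padded with 0).
    Over a header whose checksum field is already correct the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 6,
                      ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Minimal IPv4 header with no options. Nothing stops the sender from putting
    any address in the source field: the checksum only protects against
    accidental corruption and is recomputed by whoever forges the packet."""
    ver_ihl = (4 << 4) | 5
    total_len = 20 + payload_len
    without_csum = struct.pack(IPV4_FMT, ver_ihl, 0, total_len, ident, 0, ttl, proto, 0,
                               ipaddress.IPv4Address(src).packed,
                               ipaddress.IPv4Address(dst).packed)
    csum = ipv4_checksum(without_csum)
    return without_csum[:10] + struct.pack("!H", csum) + without_csum[12:]


def parse_ipv4_header(hdr: bytes) -> dict:
    """Decode the fixed part of the header and verify its checksum."""
    f = struct.unpack(IPV4_FMT, hdr[:20])
    return {
        "version": f[0] >> 4, "ihl": f[0] & 0xF, "total_len": f[2], "ttl": f[5],
        "proto": f[6], "checksum": f[7],
        "src": str(ipaddress.IPv4Address(f[8])), "dst": str(ipaddress.IPv4Address(f[9])),
        "checksum_ok": ipv4_checksum(hdr[:20]) == 0,
    }


def ingress_filter(hdr: bytes, arrived_on_external: bool, internal_net: str = "10.0.0.0/8") -> str:
    """Source-address sanity check at the border (the BCP 38 idea): a packet that
    arrives from outside but claims an inside source address is spoofed."""
    src = ipaddress.IPv4Address(parse_ipv4_header(hdr)["src"])
    if arrived_on_external and src in ipaddress.ip_network(internal_net):
        return "drop: internal source address on external interface"
    return "accept"
```

The checksum verifies on the forged header exactly as it would on a genuine one, which is why address-based trust (r-commands, IP allow-lists on their own) fails against spoofing; the ingress filter works only because it uses information the packet cannot lie about, the interface it physically arrived on.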
73. Man-in-the-middle attack (MITM)
• A man-in-the-middle attack generally occurs when an attacker is able to place themselves between two hosts that are communicating, in order to view and/or modify the traffic.
[Figure: Host 1 and Host 2 believe they communicate directly; the communication is actually sent to the attacker, who relays each message to the destination host]

74. Man-in-the-middle attack (MITM)
• This is done by ensuring that all communication going to or from the target host is routed through the attacker's host.
• The attacker can observe all traffic before relaying it, and can actually modify or block traffic.
• To the target host it appears that communication is occurring normally, since all expected replies are received.
• A MITM attack can only succeed when the attacker can impersonate each endpoint to the satisfaction of the other.

75. Replay attack
• A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.
• The attacker captures a portion of a communication between two parties and retransmits it after some time.
• The best way to prevent replay attacks is with encryption, cryptographic authentication and time stamps (or nonces/sequence numbers), so that a repeated or delayed message is recognised as old.
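The prevention bullet on slide 75 (cryptographic authentication plus time stamps) also covers the integrity and data-origin checks of slides 9 and 11. The added example below, not code from the deck, has a sender MAC each message over its body, a timestamp and a random nonce, and a receiver that rejects a bad MAC, a stale timestamp, and a nonce it has already seen. The key, message format and freshness window are constructed.

```python
import hashlib
import hmac
import json
import os
from typing import Tuple


def _canonical(msg: dict) -> bytes:
    """Stable byte encoding of the fields covered by the MAC."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()


class Sender:
    def __init__(self, key: bytes):
        self.key = key

    def send(self, body: dict, now: int) -> dict:
        """Attach a timestamp and a fresh random nonce, then MAC everything."""
        msg = {"body": body, "ts": now, "nonce": os.urandom(8).hex()}
        msg["mac"] = hmac.new(self.key, _canonical(msg), hashlib.sha256).hexdigest()
        return msg


class Receiver:
    def __init__(self, key: bytes, max_age: int = 30):
        self.key, self.max_age = key, max_age
        self.seen = {}   # nonce -> timestamp; entries older than max_age are pruned

    def accept(self, msg: dict, now: int) -> Tuple[bool, str]:
        mac = msg.get("mac")
        if not isinstance(mac, str):
            return False, "rejected: no mac"
        unsigned = {k: v for k, v in msg.items() if k != "mac"}
        expected = hmac.new(self.key, _canonical(unsigned), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            return False, "rejected: bad mac (modified or forged)"      # integrity / origin
        if abs(now - int(msg["ts"])) > self.max_age:
            return False, "rejected: stale timestamp (delayed replay)"  # freshness
        # Only nonces inside the freshness window need to be remembered: anything
        # older is already refused by the timestamp check, so the table stays small.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_age}
        if msg["nonce"] in self.seen:
            return False, "rejected: nonce already used (replay)"       # repeat
        self.seen[msg["nonce"]] = int(msg["ts"])
        return True, "accepted"


def demo():
    """Genuine message, then the three attacks from slide 75 against it."""
    key = b"shared secret (constructed)"
    sender, receiver = Sender(key), Receiver(key)
    transfer = sender.send({"op": "transfer", "amount": 500, "to": "acct-42"}, now=1000)
    results = [receiver.accept(transfer, now=1001)[1]]                     # genuine delivery
    results.append(receiver.accept(transfer, now=1005)[1])                 # captured and repeated
    tampered = dict(transfer, body={"op": "transfer", "amount": 5000, "to": "acct-42"})
    results.append(receiver.accept(tampered, now=1006)[1])                 # modified in transit
    delayed = sender.send({"op": "transfer", "amount": 1, "to": "acct-7"}, now=1000)
    results.append(receiver.accept(delayed, now=2000)[1])                  # held back, sent later
    return results
```

A shared-key MAC gives the integrity and origin authentication of slides 9 and 11 but not the non-repudiation of slide 14: either party can compute the MAC, so neither can prove to a third party who produced it; that needs a digital signature.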
76. Malware
• The term malware is also known as malicious code.
• Malware refers to software that has been designed for some nefarious purpose.
• It may be designed to cause damage to a system, such as deleting all files.
• It may be designed to create a backdoor in the system in order to grant access to unauthorized users.
• There are different types of malicious software, such as viruses, worms, Trojan horses and logic bombs.
• Malicious code runs with the user's authority.
• It can therefore read, write, modify, append or even delete data or files without the user's permission.

77. Logic bomb
• One of the oldest types of malicious software.
• Code embedded in a legitimate program.
• Activated when specified conditions are met, e.g. the presence/absence of some file, a particular date/time, or a particular user.
• When triggered it typically damages the system: modifies/deletes files or disks.

78. Trojan horse
• A program with hidden side-effects, which is usually superficially attractive, e.g. a game, a software upgrade, etc.
• When run it performs some additional tasks, allowing the attacker to indirectly gain access they do not have directly.
• Often used to propagate a virus/worm or install a backdoor, or simply to destroy data.

79. Zombie
• A program which secretly takes over another networked computer, then uses it to indirectly launch attacks.
• Often used to launch distributed denial of service (DDoS) attacks.
• Exploits known flaws in network systems.