Sruthikrishna G
Research associate
IIITMK
COMPUTER SECURITY
Contents : COMPUTER SECURITY
 Computer Security Concepts
 Threats
 Attacks
 Assets
 Intruders
 Malicious Software Overview
 Viruses
 Worms
 Bots
 Rootkits
Information Security
Information Security can be defined as the protection of
information and its critical elements, including the systems
and hardware that use, store and transmit that
information.
Information Security - Terms and Definitions
1. Asset:
 The organizational resource that is being protected.
 An asset can be logical, such as a Web site, information, or data; or an asset can be physical, such
as a person, computer system, or other tangible object.
 Assets, particularly information assets, are the focus of security efforts.
Information Security - Terms and Definitions (contd.)
2. Attack: An intentional or unintentional act that can cause damage to systems or
compromise the information they support. Attacks can be active or passive, intentional or
unintentional.
 Passive attack: eavesdropping or monitoring. The attacker's goal is to obtain information
that is being transmitted. Difficult to detect, because passive attacks do not alter the data.
 Two types:
1. Release of message content: a telephone conversation, an electronic mail message
or a transferred file may contain sensitive or confidential information.
2. Traffic analysis: the attacker observes the pattern of the traffic rather than its
content; encryption techniques can be used to protect the data.
Cont…
 Active attack: some modification of the data stream or the creation of a false stream.
 Replay: a form of network attack in which a valid data transmission is maliciously
repeated or delayed.
 Masquerade: one entity pretends to be a different entity.
 Modification of messages: some portion of a legitimate message is altered, or messages
are delayed or reordered.
 Denial of service: this attack has a specific target; for example, an entity may
suppress all messages directed to a particular destination, or disrupt an entire
network.
Cont…
3. Exploit: A technique used to compromise a system.
4. Risk: The probability that something unwanted will happen. Organizations
must minimize risk.
5. Threat: A category of objects, persons or entities that presents a danger to an
asset. Threats are always present and can be purposeful or undirected.
Information Security - Terms and Definitions (contd.)
6. Threat agent: The specific instance or a component of a threat.
7. Vulnerability: A weakness or fault in a system or protection mechanism that opens it
to attack or damage.
Eg: flaws in a software package, an unprotected system port, an unlocked door, etc.
Characteristics of Information System
 The CIA triad of information security was created to provide a baseline
standard for evaluating and implementing information security regardless of the
underlying system and/or organization.
 The three core goals each have their own distinct requirements and processes.
1. Confidentiality
2. Integrity
3. Availability
CIA - Explained
 Confidentiality: Ensures that data or an information system is accessed only by
authorized persons. User IDs and passwords, access control lists (ACLs) and policy-based
security are some of the methods through which confidentiality is achieved.
 Integrity: Assures that the data or information system can be trusted. Ensures that
it is edited only by authorized persons and remains in its original state when at rest. Data
encryption and hashing algorithms are key processes in providing integrity.
 Availability: Data and information systems are available when required. Hardware
maintenance, software patching/upgrading and network optimization ensure availability.
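An added example (not from the original slides) showing the integrity point above in Python: a plain SHA-256 hash detects a change to a stored record, but anyone who can edit the record can also recompute that hash, so a keyed HMAC is what actually ties integrity to an authorized party. The key and the record are constructed values.

```python
import hashlib
import hmac
import secrets


def sha256_digest(data: bytes) -> str:
    """Unkeyed fingerprint: detects any change to the data, but anyone who can
    change the data can also recompute it."""
    return hashlib.sha256(data).hexdigest()


def make_tag(key: bytes, data: bytes) -> str:
    """Keyed tag (HMAC-SHA256): only a holder of the secret key can produce one."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, data: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time (no timing side channel)."""
    return hmac.compare_digest(make_tag(key, data), tag)


def demo() -> dict:
    # Constructed values: a shared secret held by the writer and the verifier,
    # a stored record, and the same record after an unauthorized edit.
    key = secrets.token_bytes(32)
    original = b"transfer 100.00 to account 4711"
    tampered = b"transfer 900.00 to account 4711"

    stored_digest = sha256_digest(original)   # what the integrity check has on file
    stored_tag = make_tag(key, original)

    # Plain hash: checking the edited record against the original digest catches it ...
    plain_hash_catches_edit = sha256_digest(tampered) != stored_digest
    # ... but an attacker who can edit the record can also replace the stored digest.
    forged_digest = sha256_digest(tampered)
    plain_hash_fooled = sha256_digest(tampered) == forged_digest   # check now passes
    # Keyed tag: without the key the attacker cannot produce a tag that verifies.
    attacker_tag = make_tag(b"attacker-guess", tampered)

    return {
        "plain_hash_catches_edit": plain_hash_catches_edit,
        "plain_hash_fooled_after_forgery": plain_hash_fooled,
        "mac_accepts_original": verify_tag(key, original, stored_tag),
        "mac_rejects_tampered": not verify_tag(key, tampered, stored_tag),
        "mac_rejects_forged_tag": not verify_tag(key, tampered, attacker_tag),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```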
Intruders
Examples of intrusion:
 Guessing and cracking passwords
 Viewing sensitive data without permission
 Copying some database containing credit card numbers
 Dialing into an unsecured modem and gaining internal network access.
 Using an unattended, logged-in workstation without permission
Various attacks
1. Malicious code
2. Backdoors
3. Password attacks
4. MITM
5. Spoofing
6. Spam
7. Social Engineering
1. Malicious Code
 A malicious code attack includes the execution of viruses, worms, Trojans and any
active Web scripts with the intent to destroy or steal information.
 These programs identify vulnerabilities present in the system and exploit them.
 Other forms of malware include covert software applications - bots, spyware and
adware - that are designed to work out of sight of users.
2. Backdoors
 A backdoor is a technique in which a system security mechanism is bypassed
undetectably to access a computer or its data.
 Also known as Trapdoor.
 Programmers have used backdoors legitimately for many years to debug and test
programs; such a backdoor is called a maintenance hook.
 Backdoors are very hard to detect, because very often the programmer who puts one in
place also makes the access exempt from the usual audit logging features of the system.
3. Password Attacks
 Aim: to crack the passwords and user IDs of bank accounts and system accounts.
 Brute Force: The application of computing and network resources to try every possible
password combination is called a brute force attack.
 Dictionary: The dictionary attack is a variation of the brute force attack which narrows the field by
selecting specific target accounts and using a list of commonly used passwords (a dictionary)
instead of random combinations.
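An added example (not from the original slides) from the defender's side of the password attacks above: a small Python detector that parses constructed sshd-style auth log lines and, per source address, distinguishes a brute force attempt (many failures against one account) from password spraying (one attempt each against many accounts). The log lines, the year assumed for the timestamps, and the threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth log (not from the page); format mimics syslog lines from sshd.
SAMPLE_LOG = """\
Mar 10 09:00:01 host sshd[1201]: Failed password for admin from 203.0.113.5 port 51000 ssh2
Mar 10 09:00:02 host sshd[1202]: Failed password for admin from 203.0.113.5 port 51001 ssh2
Mar 10 09:00:03 host sshd[1203]: Failed password for admin from 203.0.113.5 port 51002 ssh2
Mar 10 09:00:04 host sshd[1204]: Failed password for admin from 203.0.113.5 port 51003 ssh2
Mar 10 09:00:05 host sshd[1205]: Failed password for admin from 203.0.113.5 port 51004 ssh2
Mar 10 09:00:06 host sshd[1206]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Mar 10 09:00:07 host sshd[1207]: Failed password for bob from 198.51.100.7 port 40001 ssh2
Mar 10 09:00:08 host sshd[1208]: Failed password for carol from 198.51.100.7 port 40002 ssh2
Mar 10 09:00:09 host sshd[1209]: Failed password for dave from 198.51.100.7 port 40003 ssh2
Mar 10 09:00:10 host sshd[1210]: Failed password for erin from 198.51.100.7 port 40004 ssh2
Mar 10 09:05:00 host sshd[1211]: Failed password for alice from 192.0.2.9 port 33000 ssh2
Mar 10 09:05:30 host sshd[1212]: Accepted password for alice from 192.0.2.9 port 33001 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text, year=2024):
    """Return (timestamp, user, ip) tuples for failed-password lines only.
    The year is an assumption: syslog timestamps do not carry one."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["user"], m["ip"]))
    return events


def classify_sources(events, threshold=5, window_s=60):
    """Per source IP, look for >= threshold failures inside window_s seconds and
    label the pattern: one account hammered (brute force) or many (spraying)."""
    by_ip = defaultdict(list)
    for ts, user, ip in events:
        by_ip[ip].append((ts, user))
    findings = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        for i, (start, _) in enumerate(attempts):
            window = [u for t, u in attempts[i:] if (t - start).total_seconds() <= window_s]
            if len(window) >= threshold:
                findings[ip] = "brute_force" if len(set(window)) == 1 else "password_spray"
                break
    return findings
```

A single failure followed by a success, as for 192.0.2.9 in the sample, produces no finding, which is the normal mistyped-password case the threshold is meant to ignore.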
4. Man In The Middle (MITM) attack
 The man-in-the-middle attack intercepts a communication between two
systems.
 For example, in an HTTP transaction the target is the TCP connection between
client and server.
 Using different techniques, the attacker splits the original TCP connection into
two new connections, one between the client and the attacker and the other
between the attacker and the server.
5. Spoofing
 A spoofing attack is when a malicious party impersonates another device or
user on a network in order to launch attacks against network hosts, steal data,
spread malware or bypass access controls.
 Some of the most common methods include IP address spoofing attacks, DNS
server spoofing attacks.
6. Spam
 Spam is unsolicited commercial e-mail.
 While many consider spam a trivial nuisance rather than an attack, it
has been used as a means of enhancing malicious code attacks.
7. Social Engineering
 Social engineering is the art of manipulating people so they give up
confidential information.
 Phishing: a fraudulent attempt to obtain information such as passwords, PIN
numbers, etc.
 Tailgating: a person gains unwanted entrance into a facility by
using tricks and tactics to fool the employees of that company.
 Dumpster Diving: retrieving information from discarded material that could be used to
carry out an attack on a computer network.
Malware
 Malware stands for malicious software.
 It is any software used to disrupt computer operations, gather sensitive information,
gain access to private computer systems, or display unwanted advertising.
Types of malware: virus, worm, Trojan.
What malware can do
▪ Access stored passwords.
▪ Read personal documents.
▪ Delete files.
▪ Disable firewalls and antivirus.
▪ Record screenshots, audio and video of the users.
▪ Display pictures and/or show messages on the screen.
▪ Generate fake traffic to create DoS attacks.
▪ Create backdoors to gain remote access.
Virus
 Replicates by attaching itself to host files or programs.
 Often evade detection by self-modification, which defeats
signature scanners, because each infected file contains a
different variant of the virus.
Worm
 A program or algorithm that replicates itself over a computer network
 Usually performs malicious actions, such as using up the computer's
resources and possibly shutting the system down.
 Worms use parts of an operating system that are automatic and usually
invisible to the user.
 It is common for worms to be noticed only when their uncontrolled
replication consumes system resources, slowing or halting other tasks.
Trojans
 A Trojan horse or Trojan is a type of malware that is often disguised as
legitimate software.
 Trojans can be employed by cyber-thieves and hackers trying to gain
access to users' systems.
 Users are typically tricked by some form of social engineering into
loading and executing Trojans on their systems.
 Once activated, Trojans can enable cyber-criminals to spy on you, steal
your sensitive data, and gain backdoor access to your system
 Trojans are not able to self-replicate.
Other Malware
1. Bots
2. Rootkits
Bot
 A malicious bot is self-propagating malware designed to infect a host and
connect back to a central server for an entire network of compromised devices,
or "botnet".
 In addition to the worm-like ability to self-propagate, bots can include the ability to:
 log keystrokes
 gather passwords
 capture and analyze packets
 gather financial information
 launch DoS attacks
 Bots have all the advantages of worms, but are generally much more versatile
in their infection vector, and are often modified within hours of publication of
a new exploit.
Rootkit
 A rootkit is a computer program designed to provide continued privileged access to a
computer while actively hiding its presence.
 The term rootkit is a combination of the two words "root" and "kit".
 A rootkit allows someone to maintain command and control over a computer without
the computer user/owner knowing about it.
Thank You…