Chapter I: INTRODUCTION TO COMPUTER SECURITY, PART-1
Prepared by: Ms.K.S.Sathawane
 Computer security, cyber
security or information technology
security (IT security) is the protection
of computer systems from theft or damage to
their hardware, software or electronic data, as
well as from disruption or misdirection of the
services they provide.
 Confidentiality: ensuring that data is protected from unauthorized access.
 Integrity: ensuring that data can be modified only by appropriate mechanisms.
 Availability: the degree to which authorized users can access information for legitimate purposes.
 A simple but widely-applicable security model is the CIA triad, standing for:
◦ Confidentiality
◦ Integrity
◦ Availability
 These are the three key principles which should be guaranteed in any kind of secure system.
 The model applies across the whole subject.
 If any one of the three is breached it can have serious consequences for the parties concerned.
 Confidentiality is the ability to hide information from those who are not authorized to view it.
 It is perhaps the most obvious aspect of the CIA triad when it comes to security; correspondingly, it is also the one attacked most often.
 Cryptography and encryption methods are an example of an attempt to ensure the confidentiality of data transferred from one computer to another; note that encryption protects the data in transit, not the endpoints that hold the keys.
 Integrity is the ability to ensure that data is an accurate and unchanged representation of the original information.
 One type of security attack is to intercept some important data and make changes to it before forwarding it to the intended receiver.
 Availability means ensuring that the information concerned is readily accessible to authorized users whenever they need it.
 Some types of security attack attempt to deny access to the legitimate user, either simply to inconvenience them or because there is some secondary effect.
 For example, by taking down the web site of a particular search engine, a rival may become more popular.
 A threat is a danger which could affect the security (confidentiality, integrity, availability) of assets, leading to potential loss or damage.
 Threats are commonly grouped into four general categories:
◦ Interruption
◦ Interception
◦ Modification
◦ Fabrication
 Interruption: an asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability.
 Examples include destruction of a piece of hardware, such as a hard disk, the cutting of a communication link, or the disabling of the file management system.
 DoS (Denial of Service) attacks, which interrupt a service by overloading it, have become very well known.
 Interception (information disclosure/information leakage): an unauthorized party gains access to an asset.
 This is an attack on confidentiality.
 The unauthorized party could be a person, a program, or a computer.
 Examples include:
◦ wiretapping to capture data in a network
◦ the illicit copying of files or programs
 Modification is an integrity violation: an unauthorized party not only gains access to an asset but tampers with it.
 This is an attack on integrity.
 Examples include changing values in a data file, altering a program so that it performs differently, and modifying the content of a message being transmitted across a network.
 Fabrication: an unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity.
 Examples include the insertion of spurious messages in a network or the addition of records to a file.
 Computer security attacks can be classified into two broad categories:
◦ Passive attacks only observe communications or data, without altering them.
◦ Active attacks modify communications or data, or inject new ones. They are often harder to perform than passive attacks, but very powerful. Examples include:
 Mail forgery/modification
 TCP/IP spoofing/session hijacking
 Passive attacks: eavesdropping on or monitoring of a transmission.
 The goal of the opponent is to obtain information that is being transmitted.
 Two types:
◦ Release of message contents
◦ Traffic analysis
 Release of message contents: the opponent learns the contents of the actual messages being transmitted.
 How to protect?
◦ Encryption
◦ Steganography
 Traffic analysis is more subtle than release of message contents.
 Messages may be kept secret by masking or encryption, but ...
 The opponent infers information carried by the messages from their frequency, length and timing, and from who is talking to whom.
 How to protect?
◦ Data/message padding (so every message has the same size on the wire)
◦ Filler sequences (dummy traffic, so timing and frequency no longer reveal activity)
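Padding against traffic analysis, as an added example that is not part of the slides: every message is padded to a fixed bucket size before encryption, so an eavesdropper who sees only ciphertext lengths can no longer tell a short "yes"/"no" reply from a long instruction. The bucket size, the sample messages and the keyed-XOR stand-in for a real cipher are this example's own assumptions; the point is what the wire length reveals, not the cipher.

```python
"""Added example (not from the slides): hiding message length from a
traffic analyst by padding every message to a fixed bucket size.

The encryption is stood in for by a keystream built from HMAC-SHA256,
an illustration only and not a recommended cipher.
"""
import hashlib
import hmac
import os
import struct

BUCKET = 64  # assumed fixed wire size per message, in bytes


def pad(plaintext: bytes, bucket: int = BUCKET) -> bytes:
    """Prefix the real length, then fill up to a multiple of `bucket`.

    The receiver uses the 2-byte length prefix to strip the filler, so
    the filler may be random: an observer cannot tell it from data."""
    if len(plaintext) > 0xFFFF:
        raise ValueError("message too long for a 2-byte length prefix")
    body = struct.pack(">H", len(plaintext)) + plaintext
    fill = (-len(body)) % bucket
    return body + os.urandom(fill)


def unpad(padded: bytes) -> bytes:
    (n,) = struct.unpack(">H", padded[:2])
    return padded[2:2 + n]


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy keystream: HMAC(key, nonce || counter) blocks, illustration only."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def encrypt(key: bytes, nonce: bytes, plaintext: bytes, padded: bool = True) -> bytes:
    data = pad(plaintext) if padded else plaintext
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes, padded: bool = True) -> bytes:
    data = bytes(a ^ b for a, b in zip(ciphertext, keystream(key, nonce, len(ciphertext))))
    return unpad(data) if padded else data


# Constructed sample traffic: two short replies and one long instruction.
MESSAGES = [b"yes", b"no", b"transfer 1000 to account 42 and notify the auditor"]


def wire_lengths(padded: bool) -> list:
    """Lengths an eavesdropper sees for MESSAGES, with or without padding."""
    key = b"k" * 32  # constructed shared key
    seen = []
    for m in MESSAGES:
        nonce = os.urandom(8)  # fresh nonce per message, sent in the clear
        seen.append(len(nonce + encrypt(key, nonce, m, padded)))
    return seen


if __name__ == "__main__":
    print("unpadded:", wire_lengths(False))  # lengths reveal which reply was sent
    print("padded:  ", wire_lengths(True))   # all equal: length no longer distinguishes them
```

Padding fixes the length channel only; the timing and frequency of messages still leak, which is what the filler sequences (dummy traffic sent whether or not there is anything to say) are for.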
 Passive attacks are difficult to detect because they do not modify the data.
 The protection approach should therefore be based on prevention (for example, encryption) rather than detection.
 Active attacks involve some modification of the data stream or the creation of a false stream.
 Four sub-categories:
◦ Masquerade
◦ Replay
◦ Modification of messages
◦ Denial of service
 Masquerade: an entity pretends to be another, usually as a step towards some other form of attack.
 Example: a system claims an IP address that is not its own (IP spoofing).
 How to protect?
◦ Principal/entity authentication
 Replay: passive capture of data followed by its retransmission to produce an unauthorized effect.
 This can be disastrous for critical messages such as authentication sequences: the attacker does not need to decrypt a captured login exchange in order to replay it, so encrypting the password alone is no defence.
 How to protect?
◦ Time stamps
◦ Sequence numbers
 Modification of messages: some portion of a legitimate message is altered, or messages are delayed or reordered, to produce an unauthorized effect.
 How to protect?
◦ Message authentication codes (a keyed checksum the attacker cannot recompute)
◦ Chaining (binding each message to the one before it, so deletion or reordering is detected)
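The replay and message-modification protections above, worked through in one added example that is not part of the slides: a sender attaches a sequence number, a timestamp and an HMAC to each message; the receiver checks the MAC first (modification), then the timestamp window (stale captures), then that the sequence number is strictly increasing (replay and reordering). The shared key, the 30-second skew tolerance and the JSON wire format are this example's own assumptions.

```python
"""Added example (not from the slides): a receiver that rejects modified
and replayed messages using an HMAC, a sequence number and a timestamp.
"""
import hashlib
import hmac
import json

MAX_SKEW = 30  # assumed: seconds a message may be old before it counts as stale


def _mac(key: bytes, fields: dict) -> str:
    # Canonical encoding so sender and receiver MAC exactly the same bytes.
    canonical = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


class Sender:
    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def send(self, payload: str, now: float) -> dict:
        self.seq += 1
        msg = {"seq": self.seq, "ts": int(now), "payload": payload}
        # The MAC covers seq, timestamp and payload, so none can be altered alone.
        msg["mac"] = _mac(self.key, msg)
        return msg


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0

    def accept(self, msg: dict, now: float) -> str:
        """Return 'ok' or the reason the message is rejected."""
        unsigned = {k: v for k, v in msg.items() if k != "mac"}
        # 1. Integrity: constant-time compare of the MAC (catches modification/forgery).
        if not hmac.compare_digest(_mac(self.key, unsigned), msg.get("mac", "")):
            return "rejected: bad MAC (modified or forged)"
        # 2. Freshness: timestamp window (catches old captures).
        if abs(now - msg["ts"]) > MAX_SKEW:
            return "rejected: stale timestamp (possible replay)"
        # 3. Ordering: strictly increasing sequence number (catches replay
        #    inside the time window, and reordering).
        if msg["seq"] <= self.last_seq:
            return "rejected: sequence number reused (replay)"
        self.last_seq = msg["seq"]
        return "ok"


def demo() -> list:
    """Run sender and receiver through the attack cases; return the verdicts."""
    key = b"\x01" * 32  # constructed shared key
    s, r = Sender(key), Receiver(key)
    t0 = 1_700_000_000.0  # constructed clock
    verdicts = []
    m1 = s.send("pay 10 to alice", t0)
    verdicts.append(r.accept(m1, t0 + 1))                 # legitimate delivery
    verdicts.append(r.accept(m1, t0 + 2))                 # attacker replays m1
    tampered = dict(m1, payload="pay 10000 to mallory")   # modified in transit
    verdicts.append(r.accept(tampered, t0 + 3))
    m2 = s.send("pay 5 to bob", t0)
    verdicts.append(r.accept(m2, t0 + 600))               # held back, then delivered late
    m3 = s.send("pay 7 to carol", t0 + 601)
    verdicts.append(r.accept(m3, t0 + 602))               # fresh and in order
    return verdicts


if __name__ == "__main__":
    for v in demo():
        print(v)
```

Order of checks matters: the MAC is verified before anything else is trusted, because the timestamp and sequence number are themselves inside the authenticated data. A per-peer `last_seq` state is what turns the sequence number into a replay defence; without storing it the receiver could only detect reordering.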
 Authentication
 Authentication deals with verifying a claimed identity. It is the mechanism that validates an incoming request against identifying credentials.
 Identity verification is implemented in three general ways:
◦ Knowledge: something you know (for example a password or PIN)
◦ Ownership: something you have (for example a token or smart card)
◦ Characteristics: something you are (for example a fingerprint)
 Authorization ensures that a user has the permission/privilege to perform a particular action.
 For example, a user assigned a network-access role should have only the access rights associated with network actions; they should not be able to access storage or other components.
 Authentication and authorization are interdependent.
 Usually authorization is checked after successful authentication, since a permission is meaningful only for a verified identity.
 Access control is the security function that governs how users and systems communicate with and use resources.
 To enforce security, every access to the system and its resources should be controlled, so that only authorized accesses are allowed.
 It is mainly used to protect against unauthorized disclosure, corruption, modification and destruction.
 Accountability is the third plank in the AAA (authentication, authorization, accounting) framework.
 It gives administrators the ability to track which user performed which activity, and when.
 It is the primary way of seeing what services were used and how much of each resource users consumed, and it depends on the earlier two steps: an action can only be attributed to a user who was authenticated.
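The three AAA steps together, as an added example that is not part of the slides: a request is first authenticated (a password, "something you know", verified against a salted PBKDF2 hash), then authorized against a role-to-permission table (the network-access role of the slide gets only network actions), and every decision, granted or denied, is written to an audit log for accountability. The user records, roles, actions and iteration count are constructed for the example.

```python
"""Added example (not from the slides): authentication, authorization and
accountability in one small request handler. Users, roles and actions are
constructed for the example.
"""
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000  # assumed PBKDF2 work factor


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Return (salt, PBKDF2-HMAC-SHA256 digest) for a password."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store: username -> (salt, digest, role)
USERS = {
    "netops": (*hash_password("n3tw0rk!"), "network"),
    "dba": (*hash_password("s3cr3t-db"), "storage"),
}

# Authorization policy: role -> permitted actions (least privilege per role)
PERMISSIONS = {
    "network": {"network:read", "network:configure"},
    "storage": {"storage:read", "storage:write"},
}

AUDIT_LOG = []  # accountability: every decision is recorded here


def audit(user: str, action: str, outcome: str, now: float) -> None:
    AUDIT_LOG.append({"ts": now, "user": user, "action": action, "outcome": outcome})


def authenticate(user: str, password: str) -> bool:
    """Step 1: verify the claimed identity (something you know)."""
    record = USERS.get(user)
    if record is None:
        # Do the same work for an unknown user so timing does not reveal
        # which usernames exist.
        hash_password(password, b"\x00" * 16)
        return False
    salt, digest, _ = record
    return hmac.compare_digest(digest, hash_password(password, salt)[1])


def authorize(user: str, action: str) -> bool:
    """Step 2: check that the authenticated user's role permits the action."""
    role = USERS[user][2]
    return action in PERMISSIONS.get(role, set())


def request(user: str, password: str, action: str, now: float = None) -> str:
    """Step 3: run steps 1 and 2 in order and record the outcome."""
    now = time.time() if now is None else now
    if not authenticate(user, password):
        outcome = "denied: authentication failed"
    elif not authorize(user, action):
        outcome = "denied: not authorized"
    else:
        outcome = "granted"
    audit(user, action, outcome, now)
    return outcome


if __name__ == "__main__":
    print(request("netops", "n3tw0rk!", "network:configure"))  # granted
    print(request("netops", "n3tw0rk!", "storage:write"))      # denied: not authorized
    print(request("netops", "wrong", "network:read"))          # denied: authentication failed
    for entry in AUDIT_LOG:
        print(entry)
```

Authorization is only evaluated once authentication succeeds, which is the ordering the slide describes; the audit entry is written on every path, including failures, because failed attempts are exactly what an administrator later needs to reconstruct.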
 Non-repudiation is the assurance that someone cannot deny something.
 Typically, non-repudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.
 In computing, a denial-of-service attack (DoS
attack) is a cyber-attack in which the perpetrator
seeks to make a machine or network resource
unavailable to its intended users by temporarily
or indefinitely disrupting services of
a host connected to the Internet.
 Denial of service is typically accomplished by
flooding the targeted machine or resource with
superfluous requests in an attempt to overload
systems and prevent some or all legitimate
requests from being fulfilled.
 Denial of service prevents the normal use or management of communication facilities.
 Such attacks have become very common on the Internet, especially against web servers.
 Remotely located attackers can crash a host's TCP/IP software by exploiting known vulnerabilities in various implementations.
 One has to constantly look out for software updates and security patches to protect against these attacks.
 ICMP flood (ping flood): an attempt by an attacker on a high-bandwidth connection to saturate a network with ICMP echo request packets in order to slow or stop legitimate traffic going through the network.
 A typical DDoS (distributed denial of service) attack consists of amassing a large number of compromised hosts to send useless packets to jam a victim, its Internet connection, or both.
 Denial-of-service attacks are easy to detect but difficult to prevent.
 Efforts are therefore directed at recovering quickly from the disruption or delays.
 Detection on its own has only a limited effect; it is useful mainly because it lets the recovery start quickly.
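The "easy to detect" half of that statement, as an added example that is not part of the slides: a detector that counts ICMP echo requests per source per one-second window over packet records and flags sources above a threshold, then writes the corresponding host firewall rules. The flow-log format, the sample records (one legitimate host pinging once a second, one flooding source) and the threshold are constructed for this example; a real deployment would set the threshold from observed baseline traffic.

```python
"""Added example (not from the slides): flagging an ICMP echo-request
flood from constructed flow records of the form
"timestamp src dst proto icmp_type".
"""
from collections import defaultdict

THRESHOLD = 100  # assumed: echo requests per source per second before alerting

# Constructed flow log. 10.0.0.5 pings once a second (normal);
# 203.0.113.9 sends hundreds of echo requests per second (flood).
SAMPLE_LOG = (
    [f"{1000 + i} 10.0.0.5 10.0.0.1 icmp 8" for i in range(5)]
    + [f"1002.{i:03d} 203.0.113.9 10.0.0.1 icmp 8" for i in range(250)]
    + [f"1003.{i:03d} 203.0.113.9 10.0.0.1 icmp 8" for i in range(180)]
    + ["1004 10.0.0.7 10.0.0.1 tcp -"]
)


def parse(line: str) -> dict:
    ts, src, dst, proto, itype = line.split()
    return {"ts": float(ts), "src": src, "dst": dst, "proto": proto, "type": itype}


def detect_icmp_flood(lines, threshold: int = THRESHOLD) -> list:
    """Return (src, window, count) for each source whose echo-request count
    in a one-second window exceeds `threshold`, ordered by window."""
    counts = defaultdict(int)
    for rec in map(parse, lines):
        if rec["proto"] == "icmp" and rec["type"] == "8":  # ICMP type 8 = echo request
            counts[(rec["src"], int(rec["ts"]))] += 1
    alerts = [(src, window, n) for (src, window), n in counts.items() if n > threshold]
    return sorted(alerts, key=lambda a: (a[1], a[0]))


def suggested_block_rules(alerts) -> list:
    """One iptables drop rule per flooding source (text only, nothing is executed)."""
    sources = sorted({src for src, _, _ in alerts})
    return [f"iptables -A INPUT -s {src} -p icmp --icmp-type echo-request -j DROP"
            for src in sources]


if __name__ == "__main__":
    found = detect_icmp_flood(SAMPLE_LOG)
    for src, window, n in found:
        print(f"ALERT {src}: {n} echo requests in second {window}")
    for rule in suggested_block_rules(found):
        print(rule)
```

This is also where the "difficult to prevent" half shows: dropping the packets at the victim only saves the host's CPU, not the upstream link the flood has already filled, and a flooding source may be spoofed, so the rule may block an innocent address. Filtering has to happen closer to the source or at the provider to restore the link, which is why the slides put the emphasis on fast recovery.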

CS PPT CHP 1 PART 1-Types of attacks and basics of computer security.pptx
