INTRODUCTION TO
COMPUTER SECURITY
INTRODUCTION
Computer security means protecting information and information systems
from unauthorized access, use, disclosure, disruption, modification, perusal,
inspection, recording or destruction.
Computer security also covers the availability and correct operation of a
computer system itself, independently of the value of the information it stores
or processes.
Individuals and organizations alike depend on their computers and networks
for functions such as email, accounting, organization and file management.
Intrusion by an unauthorized person can result in costly network outages and
loss of work.
Attacks to a network can be devastating and can result in a loss of time and
money due to damage or theft of important information or assets.
THREATS
Threat: anything with the potential to cause harm or loss to an asset (information, systems or services).
Intruders can gain access to a network through software vulnerabilities,
hardware attacks or even through less high-tech methods, such as guessing
someone's username and password.
Intruders who gain access by modifying software or exploiting software
vulnerabilities are often called hackers (in everyday usage the term is also
applied to skilled programmers and to authorized testers).
Once the hacker gains access to the network, four types of threat may arise:
- Information theft
- Identity theft
- Data loss / manipulation
- Disruption of service
SOURCES OF THREATS
Security threats from network intruders can come from both internal and external sources.
1) Internal Sources
Internal threats arise when someone who has authorized access to the network, through a user
account or through physical access to the network equipment, misuses that access.
The internal attacker knows the internal politics and people. They often know what information is
both valuable and vulnerable and how to get to it. However, not all internal attacks are intentional.
In some cases, an internal threat comes from a trustworthy employee who picks up a virus or other
malware while outside the company and unknowingly brings it into the internal network.
A figure often quoted in introductory material is that about 70% of attacks originate from within;
the exact proportion varies between surveys and should be treated as indicative, not exact.
Reasons for internal attacks include:
- Disgruntled employees
- Collusion
- Ignorance
- Lack of defined access levels or privilege restrictions
- Lonely employees
- Social engineering
2) External Sources
External threats arise from individuals working outside of an organization.
They do not have authorized access to the computer systems or network.
External attackers work their way into a network mainly from the Internet, wireless links or
dialup access servers.
External attacks account for the remaining 30% in the figure quoted above.
Examples are hackers, conventionally classified as black hat (unauthorized and malicious),
grey hat (unauthorized but not acting for gain) and white hat (authorized testers); only the
first two are threats in this sense.
Facets of Security
The rapid growth and widespread use of electronic data processing and electronic
business conducted through the Internet, along with numerous occurrences of
international terrorism, fueled the need for better methods of protecting the
computers and the information they store, process and transmit.
The facets of security are confidentiality, integrity, availability, authenticity and
non-repudiation.
1) Confidentiality is the property that information is not disclosed to
unauthorized individuals or systems.
Breaches of confidentiality take many forms. Permitting someone to look over your
shoulder at your computer screen while you have confidential data displayed on it
could be a breach of confidentiality.
If a laptop computer containing sensitive information about a company's employees
is stolen or sold, it could result in a breach of confidentiality.
Giving out confidential information over the telephone is a breach of confidentiality
if the caller is not authorized to have the information.
Confidentiality is necessary (but not sufficient) for maintaining the privacy of the
people whose personal information a system holds.
ii) Integrity
In information security, integrity means that data cannot be modified
undetectably: any unauthorized change, whether to a message in transit or to
stored data, must be detected. Integrity is violated, for example, when a
message is actively modified in transit.
Encryption alone does not give integrity. Information security systems therefore
typically provide message integrity (a message authentication code or a digital
signature) in addition to data confidentiality.
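The point that confidentiality does not imply integrity is easy to show in code. The following is an added example, not code from the original notes: a stream cipher XORs plaintext with keystream, so an attacker who cannot read the message can still change a payment amount by flipping ciphertext bits, and the change goes unnoticed; adding an HMAC over the ciphertext (encrypt-then-MAC) detects it. The keys, the message, the nonce length and the SHAKE-256 keystream construction are assumptions made for this demonstration; real systems use an authenticated cipher such as AES-GCM or ChaCha20-Poly1305 that bundles both properties.

```python
import hashlib
import hmac
import os

# Constructed demonstration keys. Real systems derive separate keys from a
# key exchange or KDF; the point here is only that the MAC key is distinct.
ENC_KEY = b"\x11" * 32
MAC_KEY = b"\x22" * 32
NONCE_LEN, TAG_LEN = 12, 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Demonstration stream cipher: SHAKE-256 used as a keystream generator.
    Like any stream cipher (RC4, ChaCha20, AES-CTR) it XORs plaintext with
    keystream, so flipping a ciphertext bit flips the same plaintext bit."""
    return hashlib.shake_256(key + nonce).digest(length)


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def bit_flip(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker's move: without the key, turn plaintext 'old' at 'offset'
    into 'new' by XORing old^new into the ciphertext at that position."""
    buf = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        buf[offset + i] ^= o ^ n
    return bytes(buf)


def tamper_without_mac(message: bytes, old: bytes, new: bytes) -> bytes:
    """Confidentiality only. Returns what the receiver decrypts after the
    attacker edits the ciphertext in transit: the change goes unnoticed."""
    nonce = b"\x00" * NONCE_LEN  # fixed nonce: demonstration only
    ct = xor_stream(ENC_KEY, nonce, message)
    ct = bit_flip(ct, message.index(old), old, new)
    return xor_stream(ENC_KEY, nonce, ct)


def protect(message: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256(nonce || ciphertext)."""
    nonce = os.urandom(NONCE_LEN)
    ct = xor_stream(ENC_KEY, nonce, message)
    tag = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unprotect(blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting anything."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message modified in transit")
    return xor_stream(ENC_KEY, nonce, ct)


def tamper_with_mac(message: bytes, old: bytes, new: bytes) -> bool:
    """The same attack against the authenticated message. True if detected."""
    blob = protect(message)
    blob = bit_flip(blob, NONCE_LEN + message.index(old), old, new)
    try:
        unprotect(blob)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    order = b"PAY 0100 EUR TO ACCOUNT 12345"
    print(tamper_without_mac(order, b"0100", b"9999"))  # b'PAY 9999 EUR TO ACCOUNT 12345'
    print(tamper_with_mac(order, b"0100", b"9999"))     # True
```

The MAC is computed over the ciphertext and verified before decryption, so a tampered message is rejected without ever being decrypted; verifying after decryption (MAC-then-encrypt) has led to padding-oracle attacks in practice.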
iii) Availability
For any information system to serve its purpose, the information must be
available when it is needed.
This means that the computing systems used to store and process the
information, the security controls used to protect it, and the communication
channels used to access it must be functioning correctly.
High availability systems aim to remain available at all times, preventing
service disruptions due to power outages, hardware failures, and system
upgrades.
Ensuring availability also involves preventing denial-of-service attacks.
iv) Authentication
Authentication provides identification of the originator. It confirms to the receiver
that the data received was sent by an identified and verified sender.
The authentication service has two variants:
- Message authentication identifies the originator of the message, regardless of which
router or system forwarded it.
- Entity authentication is assurance that the data has been received from a specific
entity, say a particular website.
Apart from the originator, authentication may also provide assurance about other
parameters related to the data, such as the date and time of its creation or transmission.
v) Non-repudiation
It is a security service that ensures that an entity cannot deny a previous
commitment or action.
It is an assurance that the original creator of the data cannot deny the creation or
transmission of the said data to a recipient or third party.
Non-repudiation is a property that is most desirable in situations where there are
chances of a dispute over the exchange of data.
For example, once an order is placed electronically, a purchaser cannot deny the
purchase order, if non-repudiation service was enabled in this transaction.
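Non-repudiation needs a proof that only the originator could have produced, which is what a digital signature gives and a shared-key MAC does not. The following is an added example, not code from the original notes: a textbook RSA signature (the SHA-256 digest raised to the private exponent, with no padding scheme) lets a third party verify the purchaser's order with the public key alone, and the merchant cannot forge it; an HMAC over the same order cannot settle the dispute, because the merchant holds the same key and can produce an identical tag. The key size, the order text and the Miller-Rabin key generation are assumptions for the demonstration; production code uses a vetted library with RSA-PSS, ECDSA or Ed25519, never unpadded RSA.

```python
import hashlib
import hmac
import math
import secrets


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def rsa_keygen(bits: int = 1024):
    """Returns ((e, n), (d, n)). 1024 bits keeps pure-Python keygen quick;
    real deployments use at least 2048-bit keys from a vetted library."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (e, p * q), (pow(e, -1, phi), p * q)


def _hash_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message: bytes) -> int:
    """Textbook (unpadded) RSA signature over SHA-256(message)."""
    d, n = private_key
    return pow(_hash_int(message), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    e, n = public_key
    return pow(signature, e, n) == _hash_int(message)


def mac_tag(shared_key: bytes, message: bytes) -> bytes:
    """Symmetric alternative: HMAC. Anyone holding shared_key can produce it."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def order_scenario():
    """Purchaser signs an order; the merchant later disputes it. Returns the
    checks an arbiter can make holding only the buyer's public key."""
    buyer_pub, buyer_priv = rsa_keygen()
    _, merchant_priv = rsa_keygen()
    order = b"order#1001 buyer=alice item=laptop qty=1 price=1200"   # constructed
    sig = sign(buyer_priv, order)
    # A shared key both parties hold, as a MAC-based scheme would use.
    shared = secrets.token_bytes(32)
    fabricated = b"order#1002 buyer=alice item=laptop qty=50 price=60000"
    return {
        "buyer_signature_verifies": verify(buyer_pub, order, sig),
        "altered_order_rejected": not verify(buyer_pub, order.replace(b"qty=1", b"qty=9"), sig),
        # The merchant cannot sign in the buyer's name without the buyer's d.
        "merchant_cannot_forge": not verify(buyer_pub, fabricated, sign(merchant_priv, fabricated)),
        # With HMAC the merchant's tag on a fabricated order passes the very
        # same check as one the buyer would compute: it proves nothing about
        # who created it, so an arbiter cannot hold the buyer to it.
        "mac_cannot_attribute": hmac.compare_digest(mac_tag(shared, fabricated),
                                                    mac_tag(shared, fabricated)),
    }


if __name__ == "__main__":
    print(order_scenario())
```

Only the buyer's private exponent d can produce a value whose e-th power mod n equals the order's digest, so the signature binds the buyer in a way a shared secret cannot; the buyer's only defence is to claim the private key was stolen, which is why key protection and timestamps matter for non-repudiation in practice.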
TYPES OF SECURITY
There are two (2) types of security:
1) Physical Security
Physical security describes security measures that are designed to deny access
to unauthorized personnel (including attackers or even accidental intruders) from
physically accessing a building, facility, resource, or stored information; and
guidance on how to design structures to resist potentially hostile acts.
Physical security can be as simple as a locked door or as elaborate as multiple
layers of barriers, armed security guards and guardhouse placement.
Physical security is primarily concerned with restricting physical access by
unauthorized people (commonly interpreted as intruders) to controlled facilities,
although there are other considerations and situations in which physical security
measures are valuable (for example, limiting access within a facility and/or to
specific assets, and environmental controls to reduce physical incidents such as
fires and floods).
For instance, physical access controls for protected facilities are generally intended to:
- Deter potential intruders (e.g. warning signs and perimeter markings);
- Distinguish authorized from unauthorized people (e.g. using keycards/access badges);
- Delay, frustrate and ideally prevent intrusion attempts (e.g. strong walls, door locks
and safes);
- Detect intrusions and monitor/record intruders (e.g. intruder alarms and CCTV
systems); and
- Trigger appropriate incident responses (e.g. by security guards and police).
It is up to security designers, architects and analysts to balance security controls
against risks, taking into account the costs of specifying, developing, testing,
implementing, using, managing, monitoring and maintaining the controls, along
with broader issues such as aesthetics, human rights, health and safety, and
societal norms or conventions.
Physical access security measures that are appropriate for a high security prison or
a military site may be inappropriate in an office, a home or a vehicle, although the
principles are similar.
2) Logical security
Logical Security consists of software safeguards for an organization’s systems, including
user identification and password access, authenticating, access rights and authority levels.
These measures are to ensure that only authorized users are able to perform actions or
access information in a network or a workstation. It is a subset of computer security.
Elements of logical security
Elements of logical security include:
User IDs: also known as logins, user names, logons or accounts, are unique personal
identifiers for agents of a computer program or network that is accessible by more than
one agent. These identifiers are based on short strings of alphanumeric characters, and are
either assigned or chosen by the users.
Authentication: is the process used by a computer program, computer, or network to
attempt to confirm the identity of a user. Some systems also admit anonymous users
("blind credentials"), who have no confirmed identity and must therefore be confined to
a minimal set of rights. The confirmation of identities is essential to the concept of
access control, which gives access to the authorized and excludes the unauthorized.
Biometrics: authentication is the measuring of a user’s physiological or behavioral
features to attempt to confirm his/her identity.
Password Authentication
Password authentication uses secret data to control access to a particular
resource.
Usually, the user attempting to access the network, computer or computer
program is asked to prove knowledge of the password, and is granted or
denied access accordingly.
Passwords are either created by the user or assigned, similar to usernames. The
system should store only a salted, deliberately slow hash of each password, never
the password itself.
Two-Way Authentication
Two-way (mutual) authentication involves both the user and the system or network
convincing each other that they know the shared password without transmitting
this password over any communication channel.
This is done by challenge-response: each side uses the password (or a key derived
from it) to encrypt, or compute a keyed hash over, a randomly generated piece of
information, "the challenge", which the other side can then check.
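The two sections above (password authentication and two-way authentication) are combined in the following added example, which is not code from the original notes. The server stores only a salt and a PBKDF2-derived key, never the password; each side challenges the other with a random nonce and answers with an HMAC keyed by the derived key, so the password never crosses the wire, and a server that does not know it is rejected before the client proves anything. Where the notes describe encrypting the challenge with the password, this example uses a keyed hash, the more common modern form (as in CRAM and SCRAM); the iteration count, nonce sizes and role labels are assumptions.

```python
import hashlib
import hmac
import secrets

# PBKDF2 work factor: an assumption for this example; tune to your hardware.
ITERATIONS = 100_000


def derive_key(password: str, salt: bytes) -> bytes:
    """Shared secret K derived from the password. Each side computes it
    locally; neither the password nor K ever crosses the wire."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def proof(key: bytes, role: bytes, nonce_a: bytes, nonce_b: bytes) -> bytes:
    """Challenge response: HMAC over both nonces plus a role label. The label
    means a server proof can never be replayed back as a client proof."""
    return hmac.new(key, role + nonce_a + nonce_b, hashlib.sha256).digest()


class Server:
    def __init__(self):
        self.users = {}     # username -> (salt, K); no plaintext passwords stored
        self.sessions = {}  # username -> (client_nonce, server_nonce) in progress

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)  # per-user salt defeats precomputed tables
        self.users[username] = (salt, derive_key(password, salt))

    def challenge(self, username: str, client_nonce: bytes):
        """Step 2: answer the client's nonce and issue our own."""
        salt, key = self.users[username]
        server_nonce = secrets.token_bytes(16)
        self.sessions[username] = (client_nonce, server_nonce)
        return salt, server_nonce, proof(key, b"server", client_nonce, server_nonce)

    def verify_client(self, username: str, client_proof: bytes) -> bool:
        """Step 4: constant-time check of the client's answer to our nonce."""
        client_nonce, server_nonce = self.sessions.pop(username)
        _, key = self.users[username]
        expected = proof(key, b"client", server_nonce, client_nonce)
        return hmac.compare_digest(client_proof, expected)


class Client:
    def __init__(self, username: str, password: str):
        self.username, self.password = username, password

    def start(self):
        """Step 1: send identity and a fresh nonce."""
        self.client_nonce = secrets.token_bytes(16)
        return self.username, self.client_nonce

    def respond(self, salt: bytes, server_nonce: bytes, server_proof: bytes):
        """Step 3: verify the server knows K before proving anything ourselves."""
        key = derive_key(self.password, salt)
        expected = proof(key, b"server", self.client_nonce, server_nonce)
        if not hmac.compare_digest(server_proof, expected):
            return None  # a server that cannot answer is not ours: abort
        return proof(key, b"client", server_nonce, self.client_nonce)


def run_handshake(server: Server, username: str, password: str):
    """Returns (client accepted server, server accepted client)."""
    client = Client(username, password)
    user, client_nonce = client.start()
    salt, server_nonce, server_proof = server.challenge(user, client_nonce)
    client_proof = client.respond(salt, server_nonce, server_proof)
    if client_proof is None:
        server.sessions.pop(username, None)
        return False, False
    return True, server.verify_client(username, client_proof)


if __name__ == "__main__":
    srv = Server()
    srv.register("alice", "correct horse battery staple")
    print(run_handshake(srv, "alice", "correct horse battery staple"))  # (True, True)
    print(run_handshake(srv, "alice", "password123"))                   # (False, False)
```

Two caveats a practitioner should keep in mind: the stored K is password-equivalent for this protocol (whoever steals the user table can impersonate the client, even if the password itself stays hidden behind PBKDF2), which SCRAM-style protocols address by storing a further-derived verifier; and a captured transcript allows an offline dictionary attack on a weak password, which the PBKDF2 cost slows but does not prevent. The exchange authenticates both ends but sets up no encrypted channel, so it belongs inside TLS.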
METHODS OF ATTACK
Viruses, worms, Trojan Horses and Ransomware
Social engineering is a common security threat which preys upon human
weakness to obtain desired results.
In addition to social engineering, there are other types of attacks which exploit
the vulnerabilities in computer software.
Examples of these attack techniques include: viruses, worms and Trojan horses.
All of these are types of malicious software introduced onto a host.
They can damage a system, destroy data, as well as deny access to networks,
systems, or services.
They can also forward data and personal details from unsuspecting computer
users to criminals. In many cases, they can replicate themselves and spread to
other hosts connected to the network.
Sometimes these techniques are used in combination with social engineering to
trick an unsuspecting user into executing the attack.
1) Viruses
A virus is a program that runs and spreads by modifying other programs or files.
A virus cannot start by itself; it needs to be activated.
Once activated, a virus may do nothing more than replicate itself and spread.
Though simple, even this type of virus is dangerous as it can quickly use all available
memory and bring a system to a halt.
A more serious virus may be programmed to delete or corrupt specific files before spreading.
Viruses can be transmitted via email attachments, downloaded files, instant messages or via
diskette, CD or USB devices.
2) Worms
A worm is similar to a virus, but unlike a virus does not need to attach itself to an existing
program.
A worm uses the network to send copies of itself to any connected hosts. Worms can run
independently and spread quickly.
They do not necessarily require activation or human intervention.
Self-spreading network worms can have a much greater impact than a single virus and can
infect large parts of the Internet quickly.
3) Trojan Horses
A Trojan horse is a non-self-replicating program that is written to appear like a
legitimate program, when in fact it is an attack tool.
A Trojan horse relies upon its legitimate appearance to deceive the victim into
initiating the program.
It may be relatively harmless or can contain code that can damage the contents of
the computer's hard drive.
Trojans can also create a back door into a system allowing hackers to gain access.
4) Ransomware
Ransomware (from "ransom" and "malware") is a type of malware that prevents
users from accessing their system or personal files, typically by encrypting them,
and demands a ransom payment in order to regain access.
There are several different ways that Ransomware can infect your computer.
One of the most common methods today is through malicious spam, or Malspam,
which is unsolicited email that is used to deliver malware.
The email might include booby-trapped attachments, such as PDFs or Word
documents.
5) Back Doors and Trojans
Back doors and Trojan Horses allow hackers to remotely gain access to servers on a network.
The software typically works by sending a message to let the hacker know of a successful
infection.
It then provides a service that the hacker can use to gain access to the system. Host-based
firewalls can prevent a Trojan from sending such a message by limiting outbound network access;
they can also prevent the attacker from connecting to any service the Trojan opens.
In addition to host-based firewalls, anti-virus software can be installed as a more comprehensive
security measure.
Anti-virus (endpoint protection) software protects computer systems from viruses, worms, spyware
and other malware; many suites also filter phishing links and spam.
Many ISPs offer customers anti-virus software as part of their comprehensive security services.
Not all anti-virus software protects against the same threats.
The ISP should constantly review which threats the anti-virus software actually protects against
and make recommendations based on a threat analysis of the company.
Many anti-virus software packages allow for remote management.
This includes a notification system that can alert the administrator or support technician about an
infection via email or pager. Immediate notification to the proper individual can drastically reduce
the impact of the infection. Using anti-virus software does not diminish the number of threats to
the network but reduces the risk of being infected.
6) Denial of Service and Brute Force attacks
Sometimes the goal of an attacker is to shut down the normal operations of a network.
This type of attack is usually carried out with the intent to disrupt the functions of an
organization.
Denial of Service (DoS)
DoS attacks are aggressive attacks on an individual computer or groups of computers
with the intent to deny services to intended users.
DoS attacks can target end user systems, servers, routers, and network links.
In general, DoS attacks seek to flood a system or network with traffic to prevent
legitimate network traffic from flowing, disrupt connections between a client and server
to prevent access to a service.
There are several types of DoS attacks. Security administrators need to be aware of the
types of DoS attacks that can occur and ensure that their networks are protected. Three
common DoS attacks are:
i) SYN (synchronize) flooding - A flood of TCP SYN packets, each requesting a new
connection, is sent to a server. The packets carry spoofed source IP addresses, so the
server's SYN-ACK replies go unanswered.
The server fills its table of half-open connections waiting for ACKs that never arrive,
and therefore cannot accept connections from legitimate clients.
ii) Ping of death: an ICMP echo request is sent in fragments that reassemble to more than
the maximum IP packet size (65,535 bytes). A receiving system that does not check the
reassembled length can overflow a buffer and crash.
iii) ICMP flood: Also known as ping flood, a common Denial of Service (DoS) attack
in which an attacker takes down a victim's computer by overwhelming it with ICMP
echo requests, also known as pings.
- Normally, ICMP echo-request and echo-reply messages are used to ping a network
device in order to diagnose the health and connectivity of the device and the
connection between the sender and the device.
- By flooding the target with request packets, the attacker forces the target to respond
with an equal number of reply packets, consuming its bandwidth and processing capacity.
- This causes the target to become inaccessible to normal traffic.
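Detecting the two flood attacks above from packet summaries, as an added example that is not part of the original notes: half-open connections (a SYN with no later ACK from the same source) and ICMP echo requests are counted per destination and per one-second window, and a destination is flagged when either count exceeds a threshold. The packet records, the addresses (taken from the documentation ranges) and the thresholds are all constructed assumptions. The ping of death is a malformed-packet check (reassembled length over 65,535 bytes) rather than a rate check and is not covered here.

```python
from collections import defaultdict

SERVER = "192.0.2.10:80"  # constructed address from the documentation ranges


def build_sample():
    """Constructed packet summaries: (seconds, src, dst, proto, info).
    For tcp, info is the flag set ('S' SYN, 'SA' SYN-ACK, 'A' ACK);
    for icmp, info is the message type."""
    pk = []
    for i, src in enumerate(("10.0.0.5", "10.0.0.6")):  # two legitimate handshakes
        t = 0.1 * i
        pk += [(t, src, SERVER, "tcp", "S"),
               (t + 0.01, SERVER, src, "tcp", "SA"),
               (t + 0.02, src, SERVER, "tcp", "A")]
    for i in range(3):  # a few normal diagnostic pings
        pk.append((0.3 + 0.1 * i, "10.0.0.5", "192.0.2.10", "icmp", "echo-request"))
    for i in range(300):  # SYN flood: 300 SYNs from spoofed sources, no ACK ever follows
        pk.append((1.0 + i / 300, f"203.0.113.{i % 256}", SERVER, "tcp", "S"))
    for i in range(500):  # ICMP flood: 500 echo requests in one second from one host
        pk.append((2.0 + i / 500, "198.51.100.7", "192.0.2.10", "icmp", "echo-request"))
    return pk


def detect(packets, window=1.0, syn_threshold=100, icmp_threshold=200):
    """Per destination and per time window, count sources whose SYN was never
    followed by their own ACK (half-open connections) and ICMP echo requests.
    Thresholds are assumptions; tune them to the link's normal traffic."""
    syn_sources = defaultdict(set)    # (window, dst) -> sources that sent SYN
    ack_sources = defaultdict(set)    # (window, dst) -> sources that completed
    echo_requests = defaultdict(int)  # (window, dst) -> request count
    for t, src, dst, proto, info in packets:
        key = (int(t // window), dst)
        if proto == "tcp" and info == "S":
            syn_sources[key].add(src)
        elif proto == "tcp" and info == "A":
            ack_sources[key].add(src)
        elif proto == "icmp" and info == "echo-request":
            echo_requests[key] += 1

    alerts = []
    for key, sources in syn_sources.items():
        half_open = len(sources - ack_sources[key])
        if half_open >= syn_threshold:
            alerts.append(("SYN flood", key[1], half_open))
    for key, count in echo_requests.items():
        if count >= icmp_threshold:
            alerts.append(("ICMP flood", key[1], count))
    return alerts


if __name__ == "__main__":
    for alert in detect(build_sample()):
        print(alert)  # ('SYN flood', '192.0.2.10:80', 256) then ('ICMP flood', '192.0.2.10', 500)
```

Counting distinct half-open sources rather than raw SYNs is what separates a flood from a busy but healthy server, whose SYNs are matched by ACKs; in production this logic runs on flow exports or the kernel's own SYN-backlog counters, and the mitigation on the host side is SYN cookies.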
7) Brute Force Attacks
Not all attacks that cause network outages are specifically DoS attacks. A Brute
force attack is another type of attack that may result in denial of services.
With brute force attacks, a fast computer (or many computers) is used to guess
passwords or to recover an encryption key by trying candidates one after another.
The attacker tries a large number of possibilities in rapid succession to gain access
or crack the code.
Brute force attacks can cause a denial of service due to excessive traffic to a
specific resource or by locking out user accounts.
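The lockout problem above is the reason defenders throttle by source rather than lock the targeted account. The following added example (not code from the original notes) replays constructed sshd-style failed-login lines: a source is blocked after five failures in a minute, the account itself is never locked, and separately any account attacked from many distinct sources is reported, since a distributed guess of one try per source slips under a per-source limit. The log lines, addresses and thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# OpenSSH's failed-login line format; the sample lines below are constructed.
FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")
EPOCH = datetime(1900, 1, 1)  # syslog timestamps carry no year; only differences matter


def build_log():
    """Constructed auth log: a real user's typos, one hammering source, and a
    low-and-slow spray against one account from many sources."""
    lines = []
    for s in (5, 40):
        lines.append(f"Jan 10 10:00:{s:02d} gw sshd[4001]: Failed password for alice from 10.0.0.5 port 51000 ssh2")
    for i in range(30):
        lines.append(f"Jan 10 10:01:{i:02d} gw sshd[4100]: Failed password for alice from 203.0.113.9 port {40000 + i} ssh2")
    for i in range(12):
        lines.append(f"Jan 10 10:02:{i:02d} gw sshd[4200]: Failed password for bob from 198.51.100.{i + 1} port 33000 ssh2")
    return lines


class SourceThrottle:
    """Blocks a source after max_failures within window_seconds. The account
    under attack is never locked, so guessing cannot deny service to its owner."""

    def __init__(self, max_failures=5, window_seconds=60, block_seconds=600):
        self.max_failures = max_failures
        self.window, self.block = window_seconds, block_seconds
        self.failures = defaultdict(deque)  # src -> timestamps of recent failures
        self.blocked_until = {}             # src -> time at which the block expires

    def is_blocked(self, src, now):
        return self.blocked_until.get(src, 0) > now

    def record_failure(self, src, now):
        recent = self.failures[src]
        recent.append(now)
        while recent and now - recent[0] > self.window:  # slide the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.blocked_until[src] = now + self.block


def analyze(lines, spray_sources=10):
    """Replays the log through the throttle. Returns (blocked sources,
    accounts targeted from at least spray_sources distinct sources, number
    of attempts from an already-blocked source that were dropped unchecked)."""
    throttle = SourceThrottle()
    sources_per_user = defaultdict(set)
    dropped = 0
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        now = (datetime.strptime(m["ts"], "%b %d %H:%M:%S") - EPOCH).total_seconds()
        if throttle.is_blocked(m["src"], now):
            dropped += 1  # rejected before any password check: no progress for the attacker
            continue
        throttle.record_failure(m["src"], now)
        sources_per_user[m["user"]].add(m["src"])
    blocked = set(throttle.blocked_until)
    sprayed = {u for u, srcs in sources_per_user.items() if len(srcs) >= spray_sources}
    return blocked, sprayed, dropped


if __name__ == "__main__":
    print(analyze(build_log()))  # ({'203.0.113.9'}, {'bob'}, 25)
```

The per-account view is the necessary complement to per-source throttling: the twelve single attempts against bob never trip the source limit, but twelve distinct sources failing against one account inside two minutes is the signature of a distributed or password-spraying attack, and is the case where a temporary step-up (a second factor or CAPTCHA for that account) is preferable to a lockout that would hand the attacker the denial of service the notes warn about.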
8) Spyware, tracking cookies, Adware and pop-ups
Not all attacks do damage or prevent legitimate users from having access to
resources.
Many threats are designed to collect information about users which can be used
for advertising, marketing and research purposes.
These include Spyware, Tracking Cookies, Adware and Pop-ups.
While these may not damage a computer, they invade privacy and can be
annoying.
8) Spyware
Spyware is any program that gathers personal information from your computer without your
permission or knowledge.
This information is sent to advertisers or others on the Internet and can include passwords
and account numbers.
Spyware is usually installed unknowingly when downloading a file, installing another
program or clicking a popup.
It can slow down a computer and make changes to internal settings creating more
vulnerabilities for other threats. In addition, spyware can be very difficult to remove.
9) Adware
Adware is a form of spyware used to collect information about a user based on websites the
user visits.
That information is then used for targeted advertising. Adware is commonly installed by a
user in exchange for a "free" product.
When a user opens a browser window, Adware can start new browser instances which
attempt to advertise products or services based on a user's surfing practices.
The unwanted browser windows can open repeatedly, and can make surfing the Internet
very difficult, especially with slow Internet connections. Adware can be very difficult to
uninstall.
10) Spam
Another annoying by-product of our increasing reliance on electronic
communications is unwanted bulk email.
Sometimes merchants do not want to bother with targeted marketing.
They want to send their email advertising to as many end users as possible hoping
that someone is interested in their product or service.
This widely distributed approach to marketing on the Internet is called spam.
Spam is a serious network threat that can overload ISPs, email servers and
individual end-user systems.
11) Man-in-the-Middle
When a party succeeds in interposing itself between two endpoints and is thereby
able to intercept and possibly modify the communication without either party being
aware, this is referred to as a "man-in-the-middle" (MITM) attack.
MITM is related to interception, but requires that the interception occurs as the result
of the interposition of an active relay rather than strictly passive eavesdropping.
Authenticating the endpoints (as TLS does with server certificates) is the standard
defence: an attacker who cannot authenticate as the other end is detected rather than
silently relayed through.
12) Social Engineering
One of the easiest ways for an intruder to gain access, whether internal or external is by
exploiting human behavior.
One of the more common methods of exploiting human weaknesses is called Social Engineering.
Social engineering is a term that refers to the ability of something or someone to influence the
behavior of a group of people.
In the context of computer and network security Social Engineering refers to a collection of
techniques used to deceive internal users into performing specific actions or revealing
confidential information.
With these techniques, the attacker takes advantage of unsuspecting legitimate users to gain
access to internal resources and private information, such as bank account numbers or
passwords.
Social engineering attacks exploit the fact that users are generally considered one of the weakest
links in security.
Social engineers can be internal or external to the organization, but most often do not come face-
to-face with their victims.
Three of the most commonly used techniques in social engineering are:
- Pretexting, in which the attacker invents a plausible scenario (a colleague from IT, an
auditor) to justify the request;
- Phishing, in which fraudulent email or web pages imitating a trusted party lure the user
into revealing credentials; and
- Vishing, phishing carried out by telephone or voice message.
13) Spoofing
Spoofing involves forging or corrupting (destroying the integrity of) a resource or
artifact for the purpose of pretending to be, i.e. masquerading as, something or
someone else.
There are many variations on spoofing, and it can be done at any level of a system,
from the network level through the application level. Some examples are:
- Forging IP packet source addresses.
- Forging ARP packets to fool a router (or any host on the same LAN) into thinking that
your machine has someone else's IP address.
- Creating misleading Web pages that fool a user into thinking that they are at a
different site.
- Sending a name resolution request to a DNS server, forcing it to forward the request to
a more authoritative server, and then immediately sending a forged response, causing
the first DNS server to cache the forged response and supply that address to its clients
(DNS cache poisoning).
Attacks that use this technique as a method of tricking users into accessing sites that
mimic trusted sites, for the purpose of obtaining user credentials or other personal
identity information, are often referred to as "pharming".