Computer Security

Sem. II - 2026
DEPARTMENT OF COMPUTER SCIENCE

ADMAS UNIVERSITY
 Computer Security
What Does "Secure" Mean?
How do we protect our most valuable assets?
we look at examples of how computer security
affects our lives directly and indirectly.
Throughout this course ,we look at examples of
how computer security affects our lives directly
and indirectly.
And we examine techniques to prevent security
breaches or at least to mitigate their effects.
 Computer Security

“The
most secure
computers are those
not connected
to the Internet and
shielded
from any interference”
 Computer Security

Computer security is about

provisions and policies adopted to
protect information and property
from theft, corruption, or natural
disaster while allowing the
information and property to remain
accessible and productive to its
intended users.
 Computer Security
Network security on the other hand deals with
provisions and policies adopted to prevent and
monitor unauthorized access, misuse, modification, or
denial of the computer network and network-
accessible resources.

Not Sufficient!!

Internet
 Computer Security
Security Goals

Confidentiality

Integrity
Availaibility
 Security goals
Security goals
➢confidentiality, integrity, and availability.
•Confidentiality ensures that computer-related assets are accessed only
by authorized parties. That is, only those who should have access to
something will actually get that access. By "access," we mean not only
reading but also viewing, printing, or simply knowing that a particular
asset exists. Confidentiality is sometimes called secrecy or privacy.
•Integrity means that assets can be modified only by authorized parties
or only in authorized ways. In this context, modification includes writing,
changing, changing status, deleting, and creating.
•Availability means that assets are accessible to authorized parties at
appropriate times. In other words, if some person or system has
legitimate access to a particular set of objects, that access should not be
prevented. For this reason, availability is sometimes known by its
opposite, denial of service.
Security goals
➢If we say that we have preserved the integrity of an item, we may
mean that the item is
•precise
•accurate
•unmodified
•modified only in acceptable ways
•modified only by authorized people
•modified only by authorized processes
•consistent
•internally consistent
•meaningful and usable
Security goals
➢An object or service is thought to be available if
•It is present in a usable form.
•It has capacity enough to meet the service's needs.
•It is making clear progress, and, if in wait mode, it has a bounded
waiting time.
•The service is completed in an acceptable period of time.
•There is a timely response to our request.
•Resources are allocated fairly so that some requesters are not
favored over others.
•The service or system involved follows a philosophy of fault
tolerance, whereby hardware or software faults lead to graceful
cessation of service or to work-around rather than to crashes and
abrupt loss of information.
•The service or system can be used easily and in the way it was
intended to be used.
 Computer Security and Privacy/ History

Until 1960s computer security was limited to

physical protection of computers
In the 60s and 70s
 Evolutions
 Computers became interactive
 Multiuser/Multiprogramming was invented
 More and more data started to be stored in computer
databases
 Organizations and individuals started to worry about
 What the other persons using computers are doing to their
data
 What is happening to their private data stored in large
databases
 Computer Security and Privacy/ History

In the 80s and 90s

 Evolutions
 Personal computers were popularized
 LANs and Internet invaded the world
 Applications such as E-commerce, E-government and
E-health started to develop
 Viruses become majors threats
 Organizations and individuals started to worry about
 Who has access to their computers and data
 Whether they can trust a mail, a website, etc.
 Whether their privacy is protected in the connected world
 Computer Security and Privacy/ History

Famous security problems …

 NASA shutdown
In 1990, an Australian computer science student was
charged for shutting down NASA’s computer system
for 24 hours
 Airline computers
In 1998, a major travel agency discovered that
someone penetrated its ticketing system and has
printed airline tickets illegally
 Bank theft
In 1984, a bank manager was able to steal $25 million
through un-audited computer transactions
 Computer Security and Privacy/ History

Famous security problems …

 In Ethiopia
 Employees of a company managed to change their salaries by
fraudulently modifying the company’s database
 In 1990s Internet password theft

Hundreds of dial-up passwords were stolen and sold to other users

Many of the owners lost tens of thousands of Birr each
A major company suspended the use of a remote login software by
technicians who were looking at the computer of the General
Manager
 In Africa: Cote d’Ivoire
 Anemployee who has been fired by his company deleted all the
data in his company’s computer
 Computer Security and Privacy/ History

Famous security problems …

 Computer Security and Privacy/ History

TOP 5 CYBERCRIMES
TAX-REFUND FRAUD: Cybercriminals first obtain a valid
named Social Security number, preferably from someone who will not be filing atax

r CORPORATE ACCOUNT TAKEOVER

 Illicitly acquire login credentials and Transfer the
victim’s bank funds to an account controlled by the
cybercriminal
IDENTITY THEFT
 Opening a line of credit
 Purchasing goods or ser vices
 Renting or buying a house or apar tment
 Receiving medical care
 Computer Security and Privacy/ History

THEFT OF SENSITIVE DATA

 Sensitive data such as unencrypted credit card
information stored by a business, personally
identifiable information, trade secret s, source code,
customer information and employee records all
attract the attention of cybercriminals

THEFT OF INTELLECTUAL PROPERTY

 Intellectual property, including commercial,
copyrighted materials — music, movies and books —
also is at risk of being stolen
 Computer Security and Privacy/ Overview
Definitions
Security: The prevention and protection of computer
assets from unauthorized access, use, alteration,
degradation, destruction, and other threats.

Privacy: The right of the individual to be protected

against intrusion into his personal life or affairs, or those
of his family, by direct physical means or by publication
of information.

Security/Privacy Threat: Any person, act, or object

that poses a danger to computer security/privacy.
 Computer Security and Privacy

Vulnerabilities, Threats, Attacks, and Controls

➢A threat to a computing system is a set of circumstances

that has the potential to cause loss or harm
➢A vulnerability is a weakness in the security system, for
example, in procedures, design, or implementation, that
might be exploited to cause loss or harm
➢A human who exploits a vulnerability commits an attack
on the system
➢A threat is blocked by control of a vulnerability
System Security Threats:
 Computer Security and Privacy/Attacks

Categories of Attacks

Interruption: An attack on availability

Interception: An attack on confidentiality

Modification: An attack on integrity

Fabrication: An attack on authenticity

 Computer Security and Privacy/Attacks

Categories of Attacks/Threats
Source

Destination
Normal flow of information
Attack

Interruption Interception

Modification Fabrication
 Computer Security and Privacy/Vulnerabilities
Types of Vulnerabilities

Physical vulnerabilities (Ex. Buildings)

Natural vulnerabilities (Ex. Earthquake)

Hardware and Software vulnerabilities (Ex. Failures)

Media vulnerabilities (Ex. Disks can be stolen)

Communication vulnerabilities (Ex. Wires can be tapped)

Human vulnerabilities (Ex. Insiders)

 Computer Security and Privacy/ Countermeasures

Computer security controls

Authentication (Password, Cards, Biometrics)
(What we know, have, are!)
Encryption
Auditing
Administrative procedures
Standards
Certifications
Physical Security
Laws
Computer Security and Privacy/ The Human Factor

The human factor is an important component of

computer security
Some organizations view technical solutions as
“their solutions” for computer security. However:
 Technology is fallible (imperfect)
 [Link] holes that opened the door for Morris worm
 The technology may not be appropriate
 Ex. It is difficult to define all the security requirements and find a
solution that satisfies those requirements
 Technical solutions are usually (very) expensive
 Ex. Antivirus purchased by organization to protect its services
 Given all these, someone, a human, has to implement the solution
Computer Security and Privacy/ The Human Factor

Competence of the security staff

 Ex. Crackers may know more than the security team

Understanding and support of management

 Ex. Management does not want to spend money on
security
Staff ’s discipline to follow procedures
 Ex. Staff members choose simple passwords

Staff members may not be trustworthy

 Ex. Bank theft
Computer Security and Privacy/ Physical Security

“The most robustly secured

computer that is left sitting
unattended in an unlocked room
is not at all secure !!”
Computer Security and Privacy/ Physical Security

Physical security is the use of physical controls to

protect premises, site, facility, building or other
physical asset of an organization

Physical security protects your physical computer

facility (your building, your computer room, your
computer, your disks and other media)
Computer Security and Privacy/ Physical Security

In the early days of computing physical security

was simple because computers were big,
standalone, expensive machines
It is almost impossible to move them (not
portable)
They were very few and it is affordable to
spend on physical security for them
Management was willing to spend money
Everybody understands and accepts that there
is restriction
 Computer Security and Privacy/ Physical Security

Today
 Computers are more and more portable (PC, laptop,
PDA, Smartphone)
 There are too many of them to have good physical
security for each of them
 They are not “too expensive” to justify spending more
money on physical security until a major crisis occurs
 Users don’t accept restrictions easily
 Accessories (ex. Network components) are not
considered as important for security until there is a
problem
 Access to a single computer may endanger many more
computers connected through a network
 Computer Security and Privacy/ Physical Security

=>
Physical security is much more
difficult to achieve today than some
decades ago
 Computer Security and Privacy/ Physical Security

Threats and vulnerabilities

Natural Disasters
 Fire and smoke
 Firecan occur anywhere
 Solution – Minimize risk

Good policies: NO SMOKING, etc..

Fire extinguisher, good procedure and training
Fireproof cases (and other techniques) for backup tapes
Fireproof doors
 Climate
 Heat
 Direct
sun
 Humidity
 Computer Security and Privacy/ Physical Security
Threats and vulnerabilities …
Natural Disasters …
 Hurricane, storm, cyclone
 Earthquakes
 Water
 Flooding can occur even when a water tab is not properly closed
 Electric supply
 Voltage fluctuation
Solution: Voltage regulator
 Lightning

Solution
 Avoid having servers in areas often hit by Natural Disasters!
 Computer Security and Privacy/ Physical Security

Threats and vulnerabilities …

People
 Intruders
 Thieves
 People who have been given access unintentionally by the
insiders
 Employees, contractors, etc. who have access to the facilities

 External thieves
 Portable computing devices can be stolen outside the
organization’s premises
Loss of a computing device
 Mainly laptop
 Computer Security and Privacy/ Physical Security

Safe area

Safe area often is a locked place where

only authorized personnel can have
access
Organizations usually have safe area for
keeping computers and related devices
 Computer Security and Privacy/ Physical Security
Safe area … Challenges
Is the area inaccessible through other openings
(window, roof-ceilings, ventilation hole, etc.)?
Design ofthe building with security in mind
Know the architecture of your building

During opening hours, is it always possible to

detect when unauthorized person tries to get to the
safe area?
Surveillance/guards, video-surveillance, automatic-
doors with security code locks, alarms, etc.
Put signs so that everybody sees the safe area
 Computer Security and Privacy/ Physical Security
Safe area…Locks
Are the locks reliable?
 The effectiveness of locks depends on the design, manufacture,
installation and maintenance of the keys!
 Among the attacks on locks are:
 Illicit
keys
Duplicate keys
Avoid access to the key by unauthorized persons even for a few seconds
Change locks/keys frequently
Key management procedure
Lost keys
Notify responsible person when a key is lost
There should be no label on keys
 Forceful attacks:
Punching, Drilling, Hammering, etc.
 Computer Security and Privacy/ Physical Security

Safe area… Surveillance

Surveillance with guards

The most common in Ethiopia
Not always the most reliable since it adds a
lot of human factor
Not always practical for users (employees
don’t like to be questioned by guards
wherever they go)
 Computer Security and Privacy/ Physical Security
Safe area… Surveillance
Surveillance with video
 Uses Closed Circuit Television (CCTV)
 Started in the 1960s
 Become more and more popular with the worldwide increase of
theft and terrorism
 Advantages
A single person can monitor more than one location
 The intruder doesn’t see the security personnel
 It is cheaper after the initial investment
 It can be recorded and be used for investigation
 Since it can be recorded the security personnel is more careful
 Today’s digital video-surveillance can use advanced techniques such
as face recognition to detect terrorists, wanted people, etc.
 Drawback
 Privacy concerns
 Computer Security and Privacy/ Physical Security
Internal Human factor - Personnel
Choose employees carefully
Personal integrity should be as important a
factor in the hiring process as technical skills
Create an atmosphere in which the levels of
employee loyalty, morale, and job satisfaction
are high
Remind employees, on a regular basis, of
their continuous responsibilities to protect
the organization’s information
 Computer Security and Privacy/ Physical Security

Internal Human factor – Personnel …

Establish procedures for proper destruction and
disposal of obsolete programs, reports, and data
Act defensively when an employee must be
discharged, either for cause or as part of a cost
reduction program
Such an employee should not be allowed access to
the system and should be carefully watched until
he or she leaves the premises
Any passwords used by the former employee
should be immediately disabled
End of chapter 1 ……..?????