Computer Security
Introduction
❖ Computer security is the protection of information systems from theft or damage to the hardware, the software, and
to the information on them, as well as from disruption or misdirection of the services they provide.
❖ It includes controlling physical access to the hardware, as well as protecting against harm that may come via
network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or
due to them being tricked into deviating from secure procedures.
Computer security focuses on the security attacks, security mechanisms and security services.
❖ Security attacks are the reasons for breach of security. Security attacks comprise all actions that breach
computer security.
❖ Security mechanisms are the tools that include the algorithms, protocols or devices, that are designed to detect,
prevent, or recover from a security attack.
❖ Security services are the services that are provided by a system for a specific kind of protection to the system
resources.
❖ Trojan Horse:
A Trojan horse is a program with an overt (known) look and a covert (unwanted) effect. It performs a desired task but
also performs unexpected functions. It requires human action to run and does not self-replicate. A Trojan may give a hacker
remote access to a targeted computer system.
Trojan horses contain programs that corrupt the data or damage the files. Trojan horses can corrupt software
applications. They can also damage files and can contain viruses that destroy and corrupt data and programs.
Security Services:
A security service is something that enhances the security of data processing systems and information transfers of an
organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to
provide the services.
● Confidentiality:
It is a security service that keeps the information secure from an unauthorized person. Encryption is a process used to
ensure confidentiality.
● Data integrity:
The assurance that data received are exactly as sent by an authorized entity (i.e. contains no modification, insertion,
deletion, or replay).
● Authentication:
The assurance that an entity of concern or the origin of communication is authentic.
● Non-repudiation:
Prevents either sender or receiver from denying message transmission or receipt of message.
Origin non-repudiation: preventing sender from denying that he has sent a message.
Destination non-repudiation: preventing receiver from denying that he has received a message.
● Access control:
The prevention of the unauthorized use of a resource (i.e. this service controls who can have access to a resource,
under what conditions access can occur, and what those accessing the resource are allowed to do).
● Availability:
Making system or resources available upon demand by legitimate users.
Security Mechanism:
Security mechanisms deal with prevention, detection, and recovery from a security attack. Prevention involves mechanisms to
prevent the computer from being damaged. Detection requires mechanisms that allow detection of when, how, and by whom
an attack occurred. Recovery involves a mechanism to stop the attack, assess the damage done, and then repair the damage.
Security mechanisms are built using personnel and technology.
● Personnel are used to frame security policy and procedures, and for training and awareness
● Security mechanisms use technologies like cryptography, digital signature, firewall, user identification and
authentication, and other measures like intrusion detection, virus protection, and data and information backup, as
countermeasures for security attacks.
➔ Cryptography:
Cryptography is the science of writing information in a “hidden” or “secret” form and is an ancient art. Cryptography is
necessary when communicating data over any network, particularly the Internet. It protects the data in transit and also
the data stored on the disk. Some terms commonly used in cryptography are:
❖ Hash Function:
A hash function is a mathematical algorithm that takes an input (or "message") and produces a fixed-size string of
bytes, which typically represents a condensed and unique "digest" of the original input. The output of a hash function
is often referred to as a "hash value" or simply a "hash". For the same input, a hash function will always produce the
same output. This property ensures consistency and reliability in hashing operations.
❖ Digital Signature:
Digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message and
to ensure that the original content of the message or document that has been sent is unchanged. Digital signature
schemes normally provide two algorithms, one for signing which involves the user’s secret or private key and one for
verifying signatures which involves the user’s public key.
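The hash function and digital signature descriptions above, combined in one hash-then-sign sketch. This is an added example, not part of the original notes; the key is a toy textbook-RSA key built from two small known primes, and the message strings are constructed.

```python
import hashlib

# Toy textbook-RSA key made from two known Mersenne primes (constructed for
# this demo: far too small for real use, and real schemes add padding).
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, known only to the signer

def digest(message: bytes) -> bytes:
    """SHA-256 hash: always 32 bytes, and the same input gives the same output."""
    return hashlib.sha256(message).digest()

def sign(message: bytes) -> int:
    """Signing algorithm: uses the private key D on the hash of the message."""
    h = int.from_bytes(digest(message), "big") % N
    return pow(h, D, N)

def verify(message: bytes, signature: int) -> bool:
    """Verifying algorithm: uses only the public key (E, N)."""
    h = int.from_bytes(digest(message), "big") % N
    return pow(signature, E, N) == h

if __name__ == "__main__":
    msg = b"Pay 100 to Alice"                    # constructed message
    sig = sign(msg)
    print(len(digest(b"a")), len(digest(msg * 1000)))   # fixed-size output
    print(verify(msg, sig))                      # unchanged message
    print(verify(b"Pay 900 to Alice", sig))      # modified message
```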
❖ Firewall:
A firewall is a security mechanism to protect a local network from the threats it may face while interacting with other
networks (Internet). A firewall can be a hardware component, a software component, or a combination of both. It
prevents computers in one network domain from communicating directly with other network domains. All
communication takes place through the firewall, which examines all incoming data before allowing it to enter the local
network.
Functions of Firewall:
● Firewalls provide security by examining the incoming data packets and allowing them to enter the local
network only if the conditions are met.
● Firewalls provide user authentication by verifying the username and password. This ensures that only
authorized users have access to the local network.
Types of Firewalls:
★ Packet Filtering Firewall:
A packet filtering firewall is the most basic type of firewall. It acts like a management program that monitors
network traffic and filters incoming packets based on configured security rules. These firewalls are designed to
block network traffic based on IP protocol, IP address, and port number if a data packet does not match the
established rule-set. While packet-filtering firewalls can be considered a fast solution without many resource
requirements, they also have some limitations. Because these types of firewalls do not prevent web-based
attacks, they are not the safest.
★ Circuit-level Gateways:
Circuit-level gateways are another simplified type of firewall that can be easily configured to allow or block traffic
without consuming significant computing resources. These types of firewalls typically operate at the session-level of the
OSI model by verifying TCP (Transmission Control Protocol) connections and sessions. Circuit-level gateways are
designed to ensure that the established sessions are protected. Typically, circuit-level firewalls are implemented as
security software or pre-existing firewalls. Like packet-filtering firewalls, these firewalls do not check for actual data,
although they inspect information about transactions. Therefore, if data contains malware but follows the correct TCP
connection, it will pass through the gateway. That is why circuit-level gateways are not considered safe enough to protect
our systems.
★ Application-level Gateways (Proxy Firewalls):
Proxy firewalls operate at the application layer as an intermediate device to filter incoming traffic between two end
systems (e.g., network and traffic systems). That is why these firewalls are called 'Application-level Gateways'. Unlike
basic firewalls, these firewalls transfer requests from clients pretending to be original clients on the web-server. This
protects the client's identity and other suspicious information, keeping the network safe from potential attacks. Once the
connection is established, the proxy firewall inspects data packets coming from the source. If the contents of the
incoming data packet are protected, the proxy firewall transfers it to the client. This approach creates an additional layer
of security between the client and many different sources on the network.
★ Stateful Multilayer Inspection Firewall:
These firewalls combine the aspects of the other three types of firewalls. They filter packets at the network layer, determine
whether session packets are legitimate and evaluate contents of packets at the application layer. They rely on algorithms
to recognize and process application layer data instead of running application specific proxies. Stateful multilayer
inspection firewalls offer a high level of security, good performance and transparency to end users. They are expensive,
however, and due to their complexity are potentially less secure than simpler types of firewalls if not administered by
highly competent personnel.
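The difference between a packet filtering firewall and an application-level gateway, as an added example that is not part of the original notes. The rule-set, addresses (documentation ranges), content marker and sample packets are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:  # constructed model: the header fields plus the data carried
    proto: str
    src: str
    dst_port: int
    payload: bytes = b""

# Hypothetical rule-set: (action, protocol, source network, destination port).
# None is a wildcard. The first matching rule wins; unmatched packets are denied.
RULES = [
    ("deny", None, "203.0.113.0/24", None),
    ("allow", "tcp", "0.0.0.0/0", 80),
    ("allow", "tcp", "0.0.0.0/0", 443),
    ("allow", "udp", "192.0.2.0/24", 53),
]

def packet_filter(pkt, rules=RULES):
    """Decide from protocol, source address and port only; payload is never read."""
    src = ipaddress.ip_address(pkt.src)
    for action, proto, network, port in rules:
        if proto is not None and proto != pkt.proto:
            continue
        if src not in ipaddress.ip_network(network):
            continue
        if port is not None and port != pkt.dst_port:
            continue
        return action
    return "deny"

# Constructed content rule standing in for application-layer inspection.
BLOCKED_MARKERS = (b"<script",)

def application_gateway(pkt, rules=RULES):
    """Apply the header rules, then inspect the data itself."""
    if packet_filter(pkt, rules) == "deny":
        return "deny"
    body = pkt.payload.lower()
    return "deny" if any(marker in body for marker in BLOCKED_MARKERS) else "allow"

if __name__ == "__main__":
    # Constructed packets: same headers, different content.
    clean = Packet("tcp", "198.51.100.7", 80, b"GET /index.html HTTP/1.1")
    bad = Packet("tcp", "198.51.100.7", 80, b"GET /?q=<script>alert(1)</script> HTTP/1.1")
    for pkt in (clean, bad):
        print(packet_filter(pkt), application_gateway(pkt))
```

Both sample packets match the same allow rule, so only the gateway's content check tells them apart.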
★ User identification and authentication
❖ Username and password
❖ Smart card
❖ Biometrics
Identification is the process whereby a system recognizes a valid user’s identity. Authentication is the process of
verifying the claimed identity of a user. For example, a system uses a user password for identification. The user enters his
password for identification. Authentication is the system verifying that the password is correct, and thus that the user is
a valid user. Before granting access to a system, the user’s identity needs to be authenticated. If users are not properly
authenticated then the system is potentially vulnerable to access by unauthorized users. If strong identification and
authentication mechanisms are used, then the risk that unauthorized users will gain access to a system is significantly
decreased. Authentication is done using one or more combinations of what you have (like smartcards), what you
know (password), and what you are (biometrics like fingerprints, retina scans). Once the user is authenticated, the
access controls for the user are also defined. Access control is what the user can access once he is authenticated.
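The identification, authentication and access control sequence described above, as an added example that is not part of the original notes. It covers only the "what you know" factor; the user names, passwords, permissions and iteration count are constructed for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value for the demo

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted hash so the stored value is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password, permissions):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt),
            "permissions": set(permissions)}

# Constructed user store.
USERS = {
    "asha": make_user("correct horse battery", {"read_reports"}),
    "admin": make_user("another constructed secret", {"read_reports", "edit_users"}),
}
# Placeholder record so an unknown username costs the same work as a known one.
_DUMMY = make_user("dummy", ())

def authenticate(username: str, password: str) -> bool:
    """Identification: look up the claimed identity.
    Authentication: verify the password against the stored salted hash."""
    record = USERS.get(username, _DUMMY)
    candidate = hash_password(password, record["salt"])
    ok = hmac.compare_digest(candidate, record["hash"])  # constant-time compare
    return ok and username in USERS

def authorize(username: str, password: str, action: str) -> bool:
    """Access control: applied only after authentication succeeds."""
    if not authenticate(username, password):
        return False
    return action in USERS[username]["permissions"]

if __name__ == "__main__":
    print(authorize("asha", "correct horse battery", "read_reports"))  # allowed
    print(authorize("asha", "correct horse battery", "edit_users"))    # not permitted
    print(authorize("asha", "wrong password", "read_reports"))         # not authenticated
```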
A proactive strategy is a pre-attack strategy. It involves identifying possible damage from each type of attack,
determining the vulnerabilities that each type of attack can exploit, minimizing those vulnerabilities and making a
contingency plan. A contingency plan specifies the actions to be taken in case an attack penetrates into a system and
damages the IT assets of the organization. A contingency plan aims at keeping the computer functional and ensuring
the availability, integrity, and confidentiality of data. However, it is not possible for the security administrator to
prepare a computer against all attacks. A reactive strategy is implemented on the failure of the proactive strategy. It
defines the steps to be taken after the attack. It aims at identifying the cause of attack, vulnerabilities used to attack the
system, damage caused by the attack, and repairing of the damage caused by the attack.