Introduction to Computer Security Concepts

Chapter One of the course on Fundamentals of Computer Security introduces the importance of safeguarding personal information in the context of increasing online transactions and threats to network security. It categorizes various types of threats such as malware, security breaches, and DoS attacks, and discusses basic security terminology and approaches, including perimeter and layered security. The chapter emphasizes the need for a realistic assessment of threats and the implementation of security measures to protect sensitive data.

Uploaded by

xamsecismaan98

Alpha University Borama Branch

Faculty of Computer Science


Department of IT and Cyber Security
Course Title: Fundamentals of Computer Security

Chapter One
Chapter Title: Introduction to Computer Security

Lecturer: Eng Yahye Asad Mousa


Introduction

The prevalence of online transactions has increased dramatically. In 2004
we had e-commerce via websites; in 2023 we have Internet-connected cars,
the Internet of Things (IoT), as well as an expanded use of e-commerce
websites. We also have smart homes and smart medical devices. Internet
traffic is far more than just humorous YouTube videos or Facebook

Because so much of our business is transacted online, a great deal of
personal information is stored in computers. Medical records, tax records,
school records, and more are all stored in computer databases. Personal
information is often called personally identifiable information (PII), and
health-related data is usually termed personal health information (PHI).

This leads to some very important questions:

• How is information safeguarded?
• What are the vulnerabilities to these systems?
• What steps are taken to ensure that these systems and data are safe?
• Who can access my information?
• How is that information used?
• Who is this information shared with? Third parties?

How Seriously Should You Take Threats to Network Security?

The first step in understanding computer and network security is to
formulate a realistic assessment of the threats to those systems. You
cannot protect assets if you don’t have an understanding of what you
are protecting and what threats you are protecting against. You need to
have a clear picture of the dangers in order to adequately prepare a
defense.

Some people may believe that any teenager with a laptop can traverse highly
secure systems at will. Such a worldview makes excellent movie plots,
but it is simply unrealistic. The reality is that many people who call
themselves hackers are less knowledgeable than they think they are.
These people have a low probability of being able to compromise any
system that has implemented even moderate security precautions. This
does not mean that skillful hackers do not exist, of course. However,
they must balance the costs (financial, time) against the rewards
(ideological, monetary). “Good” hackers tend to target systems that
yield the highest rewards. If a hacker doesn’t perceive your system as
beneficial to these goals, he is less likely to expend the resources to
compromise your system.

Identifying Types of Threats

As discussed in the previous section, identifying your threats is a key part of
risk assessment. Some threats are common to all networks; others are more
likely with specific types of networks. Various sources have divided threats
into different categories based on specific criteria. In this section we will
examine threats that have been divided into categories based on the nature
of the attack. Most attacks can be categorized as one of seven broad classes:
• Malware
• Security breaches
• DoS attacks
• Web attacks

• Malware: This is a generic term for software that has a malicious
purpose. It includes virus attacks, worms, adware, Trojan horses, and
spyware. This is the most prevalent danger to your system. One
reason the relatively generic term malware is now widely used is that
many times a piece of malware does not fit neatly into one of these
categories.

• Security breaches: This group of attacks includes any attempt to gain
unauthorized access to your system. This includes cracking passwords,
elevating privileges, breaking into a server,…all the things you probably
associate with the term hacking.

• DoS attacks: These are designed to prevent legitimate access to your
system. And, as you will see in later chapters, this includes distributed
denial of service (DDoS).

• Web attacks: This is any attack that attempts to breach your website.
Two of the most common such attacks are SQL injection and cross-site
scripting.

• Insider threats: These are breaches based on someone who has
access to your network misusing his access to steal data or
compromise security.

Basic Security Terminology

basic introduction to computer security terminology, and they are an
excellent starting point to help you prepare to learn more about
computer security.
• Hacker: You probably have heard the term hacker used in movies and
in news broadcasts. Most people use it to describe any person who
breaks into a computer system. In the hacking community, however, a
hacker is an expert on a particular system or systems, a person who
simply wants to learn more about the system. Hackers feel that
looking at a system’s flaws is the best way to learn about that system.

Hackers differentiate themselves into three groups:

• A white hat hacker, upon finding some flaw in a system, will report
the flaw to the vendor of that system.
• A black hat hacker is the person normally depicted in the media. Once
he gains access to a system, his goal is to cause some type of harm.
He might steal data, erase files, or deface websites.
• A gray hat hacker is normally a law-abiding citizen but in some cases
will venture into illegal activities.

Concepts and Approaches

The approach you take toward security influences all subsequent
security decisions and sets the tone for the entire organization’s
network security infrastructure.
The three pillars of security are confidentiality, integrity, and availability.
When you are thinking about security, your thought processes should
always be guided by these three principles.
First and foremost, are you keeping the data confidential? Does your
approach help guarantee the integrity of data? And does your approach
still make the data readily available to authorized users?

The McCumber cube

Another important concept to keep in mind is least privileges. This
means that each user or service running on your network should have
the least number of privileges/access required to do the job. No one
should be granted access to anything unless it is absolutely required for
the job.
Network security paradigms can be classified based on either the scope
of security measures taken (perimeter, layered) or how proactive the
system is.

Perimeter Security

Definition:
Perimeter security focuses on protecting the outer boundary of a
system, network, or application — similar to a fence around a property.
Its goal is to stop attackers before they enter the internal environment.
Examples:
• Firewalls:
Filters incoming and outgoing traffic based on defined rules (e.g.,
blocking all traffic except ports 80 and 443).
• VPNs (Virtual Private Networks): Secure remote access to internal
systems by encrypting the connection.
• DMZ (Demilitarized Zone): A segmented network zone that hosts
public-facing services (e.g., web servers) — isolated from the internal
network.

Example Scenario:

Imagine the university has an online system for teachers to
enter grades. They don’t want hackers or outsiders to reach it.
Here’s how perimeter protection works step by step:

• Firewall – the gatekeeper
  Think of this as the security guard at the school gate.
  • It only lets specific traffic in — for example, websites using
    HTTPS (secure web connections).
  • Everything else is blocked (like suspicious or unknown
    traffic).
• VPN – staff-only entrance
  Teachers who want to work from home must connect through a VPN
  (Virtual Private Network).
  • The VPN acts like a special tunnel that only authorized teachers can use.
  • It encrypts their connection so no one can spy on their data.
• DMZ – the buffer zone
  The web server (the one showing the login page) is placed in a DMZ,
  a separate area from the main network.
  • If a hacker attacks the website, they’re stuck in this “buffer zone.”
  • They can’t directly reach the sensitive stuff — like the student database
    stored inside the main network.
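
The perimeter scenario above, written as a default-deny zone policy. This is an added example, not part of the original slides; the address ranges, the database port 5432 and the single DMZ-to-database rule are assumptions made for illustration.

```python
import ipaddress

# Constructed address plan for the university scenario (assumption, not from the slides).
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/16"),      # student database
    "vpn":      ipaddress.ip_network("10.8.0.0/24"),      # teachers working from home
    "dmz":      ipaddress.ip_network("192.168.50.0/24"),  # public web server
}

# Allow list, checked top to bottom; anything unmatched is dropped (default deny).
RULES = [
    ("internet", "dmz",      {443}),   # HTTPS to the login page
    ("vpn",      "internal", {443}),   # staff-only entrance
    ("dmz",      "internal", {5432}),  # assumption: web server may reach only the DB port
]

def zone_of(addr):
    """Map an IP address to its zone; anything unknown is the Internet."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def decide(src, dst, port):
    """Return (verdict, reason) for one connection attempt."""
    s, d = zone_of(src), zone_of(dst)
    for n, (rs, rd, ports) in enumerate(RULES, 1):
        if (rs, rd) == (s, d) and port in ports:
            return "allow", f"rule {n}: {s} -> {d}"
    return "drop", f"default deny: {s} -> {d}"

if __name__ == "__main__":
    flows = [  # constructed sample traffic
        ("203.0.113.7", "192.168.50.10", 443),  # outsider opens the login page
        ("203.0.113.7", "10.0.5.20", 5432),     # outsider tries the database directly
        ("10.8.0.15", "10.0.5.20", 443),        # teacher over the VPN
        ("192.168.50.10", "10.0.5.20", 22),     # web server in the DMZ tries SSH inward
    ]
    for flow in flows:
        print(flow, decide(*flow))
```
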
Layered Security

• Definition:
Layered security takes perimeter protection a step further. It assumes
attackers will eventually get past one layer, so multiple, independent
defenses are stacked throughout the system.
• It’s the “onion model” — multiple layers of protection so that if one
layer fails, others still protect the system.

Example Scenario

Now imagine the university wants to be extra safe — not just
keeping hackers out, but also protecting the system in case
one layer fails.
This is called layered security (or defense in depth).
Each layer is like another lock or barrier.

• Firewall – first gate
  Still the outer guard — blocks bad or unknown traffic.
  Only allows safe web connections (HTTPS).
• Login System – second lock
  Teachers must log in with a username and password.
  Wrong password? You stay out.
• Two-Factor Authentication (2FA) – extra check
  Even if someone steals a password, they can’t log in without the code
  sent to the teacher’s phone.
• Application Security – careful entry checks
  The web app checks all form inputs to make sure no one is sending
  malicious code.
  This prevents attacks like SQL injection or XSS.
• Database Protection – safe room
  Student grades are stored encrypted.
  Even if someone breaks into the database, the data is unreadable.
• Backups & Monitoring – watchtower and safety copies
  Logs record suspicious activities (like too many failed logins).
  Regular backups ensure data isn’t lost or corrupted.
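
Four of the layers above (login, 2FA, input handling, failed-login monitoring) combined in one login check, to show each layer stopping an attempt that got past the previous one. This is an added example, not part of the original slides: the GradePortal class, the three-attempt lockout and the in-memory SQLite table are assumptions, and an RFC 6238 time-based code stands in for the code sent to the teacher’s phone.

```python
import hashlib, hmac, os, sqlite3, struct

def totp(secret, now, step=30, digits=6):
    """RFC 6238 one-time code (HMAC-SHA1 with dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", int(now // step)), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def pw_hash(password, salt):
    """Salted, slow password hash; the plaintext password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class GradePortal:  # hypothetical name for the grade-entry login
    MAX_FAILURES = 3  # assumption: lock the account after three failed attempts

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE teachers "
                        "(name TEXT PRIMARY KEY, salt BLOB, pw BLOB, otp BLOB)")
        self.failures = {}  # monitoring layer: failed logins per username
        self.alerts = []    # what the "watchtower" would report

    def enroll(self, name, password, otp_secret):
        salt = os.urandom(16)
        self.db.execute("INSERT INTO teachers VALUES (?, ?, ?, ?)",
                        (name, salt, pw_hash(password, salt), otp_secret))

    def login(self, name, password, code, now):
        if self.failures.get(name, 0) >= self.MAX_FAILURES:
            return "locked"
        # Application layer: the username is bound as a parameter, never pasted
        # into the SQL text, so "' OR '1'='1" is only an unknown name.
        row = self.db.execute(
            "SELECT salt, pw, otp FROM teachers WHERE name = ?", (name,)).fetchone()
        ok_pw = row is not None and hmac.compare_digest(row[1], pw_hash(password, row[0]))
        ok_otp = ok_pw and hmac.compare_digest(totp(row[2], now).encode(), code.encode())
        if ok_pw and ok_otp:
            self.failures.pop(name, None)
            return "ok"
        self.failures[name] = self.failures.get(name, 0) + 1
        if self.failures[name] >= self.MAX_FAILURES:
            self.alerts.append(f"too many failed logins for {name!r}")
        # Returned here to show which layer refused; a real page shows one generic error.
        return "bad password" if not ok_pw else "bad 2FA code"
```
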
The End.
Any Questions?
