Uploaded by Asha Hulsure

chapter-1

COMPUTER SECURITY
Definition: “Computer Security is the protection of computing systems and the data that they store or access.”
Need For Security:
• Information is a strategic resource.
• A significant portion of the organisational budget is spent on managing information.
• There are many types of information, and they have several security-related objectives:
  ◦ confidentiality (secrecy) - protect info value
  ◦ integrity - protect info accuracy
  ◦ availability - ensure info delivery
COMPUTER SECURITY
• Risk and Threat Analysis: Define
• Asset: “a useful or valuable thing”
• Vulnerability: A weakness in a system that can leave it open to attack.
• A vulnerability may also refer to any type of weakness in a computer system itself, in a set of procedures, or in anything that leaves information security exposed to a threat.
• Threats: “Anything that has the potential to cause serious harm to a computer system”
• A threat is something that may or may not happen, but has the potential to cause serious damage.
Marathwada Mitra Mandal's Polytechnic
• Risk: Risk is the possibility or chance of loss, danger or injury.
• Countermeasures: A countermeasure is an action, process, device, or system that can prevent, or mitigate the effects of, threats to a computer, server or network. In this context, a threat is a potential or actual adverse event that may be malicious or incidental, and that can compromise the assets of an enterprise or the integrity of a computer or network.
Basic Principles
• Security basics: CIAAN
• Authentication: The process that ensures that the origin of the data/message is correctly identified.
• Confidentiality: No unauthorized person should be able to view the data; only those who have authority can view or use that data.
• Integrity: Only authorized persons are able to generate, view and modify the data.
• Availability: The system [data/information] should be available whenever an authorized person accesses it, at any time.
• Non-Repudiation: Non-repudiation does not allow the sender to deny having sent a message.
• Access Control: Access control is a security technique that can be used to regulate who or what can view or use resources in a computing environment.
Network Security Model
Passive Attack
Active Attack
Types of attack
• Passive attack: This type of attack learns and makes use of information without affecting system resources.
• Active attack: This type of attack alters system resources or affects their operation.
• Inside attack [insider]: This type of attack is carried out by a user inside the organization. Insiders are users authorized to access the system resources.
• Outside attack [outsider]: An outsider can be any unauthorized user who is from outside the organization.
Define the following terms:
• Assets: An asset is anything which has some value. In the computer world, assets are data, devices, hardware, software, information, etc.
• Vulnerability: It is a weakness in the system.
• Threats: A threat is an action taken by an attacker who tries to exploit vulnerabilities to damage assets.
• Risk is an incident or attack that can cause damage to the system.
• An attack against a system can be carried out as a sequence of actions, exploiting weak points until the attacker's goal is achieved.
[Figure: Risk, Assets, Threats, Vulnerabilities]
Threats to security
• Disclosure of information: Unauthorized access to information.
• Deception: Access of wrong data.
• Disruption: Prevention of correct action.
Virus
[Pnb,mom, some PC]
• A virus is a code or program that attaches itself to another code or program and causes damage to a computer system or to a computer network.
• A virus is a piece of code or a program which is loaded into the computer without the individual's knowledge and runs against his/her wishes.
• All computer viruses are man-made. Any simple virus can make a copy of itself over and over.
• Any simple virus can be dangerous because it will quickly use all available memory space and bring a system to a hang.
Types of virus:
• Parasitic virus: It attaches itself to executable code and replicates itself. When the infected code is executed, it finds another program to infect.
• Memory resident virus: This type of virus lives in memory after execution. It inserts itself as a part of the operating system and manipulates any file that is executable.
• Non-resident virus: This type of virus executes itself and terminates after some time.
• Boot sector virus: This type of virus infects the boot record and spreads through a system when the system is booted from disk.
• Overwriting virus: This type of virus overwrites the code with its own code.
• Stealth virus: It is a virus which hides the modifications it has made in the file or boot record.
• Macro virus: This virus is not an executable; it affects Microsoft Word documents and can spread through email.
• Polymorphic virus: It produces fully operational copies of itself in an attempt to avoid signature detection.
• Companion virus: This is a virus which creates a new program instead of modifying an existing file.
• Email virus: The virus gets executed when the email attachment is opened by the recipient. The virus sends itself to everyone on the mailing list of the sender.
• Metamorphic virus: This type of virus keeps rewriting itself every time; it may change its behavior as well as the appearance of its code.
Phases of virus [life cycle of virus]
• Dormant phase: The virus is idle and activated by some event.
• Propagation phase: It places an identical copy of itself into other programs or into certain system areas on the disk.
• Triggering phase: The virus is activated to perform the function for which it was intended.
• Execution phase: The function of the virus is performed.
Worms
• A worm is a malicious program that spreads itself automatically.
• The first worm appeared in 1988. A graduate student, Robert Morris, created the first worm program, and it spread on the internet. It slowed down about 6000 connections at that time.
• Unlike a virus, a worm spreads from computer to computer without human interaction.
• Worms spread through the network, and spread rapidly.
• Worms are designed in such a way that they replicate themselves and move through the network.
• A worm spreads much faster than a virus.
• A worm doesn't require a host file to move across the network.
• A worm can delete files, encrypt files and slow the internet connection.
Backdoors
• A backdoor in a computer system is a method of bypassing normal authentication and securing remote access to a computer.
• A backdoor is a program installed on a computer along with other software, unknown to the user. It could also be a modification of an existing program or hardware device.
• There are several backdoor programs used by hackers. These are likely automated tools, which carry out the intended job.
• To avoid such types of attack, check which programs you have installed for free from the internet.
Trapdoors
• These are programs stored on the targeted system. They allow a hacker easy access to the targeted system, or give sufficient access information about the target to carry out an attack.
• A trap door is a secret entry point into a computer, and users are not aware of the trap door.
• In many cases a trap door can be used to access an application which has high security.
• Sometimes a trap door is intentionally inserted to check the program's security.
• It is impossible to remove, so the only way is to format the system.
Sniffing
• A network sniffer is a software or hardware device that is used to observe traffic as it passes through a network on shared broadcast media.
• The device can be used to view all traffic, or it can target a specific protocol.
• It can also target strings such as a user ID or password.
• There are the following types:
  ◦ Network sniffers
  ◦ Packet sniffers
• Network sniffers: These can view all traffic and also modify it.
• Such tools can be used by administrators to observe traffic for performance and traffic analysis, and to determine which segments are most active.
• They are also used for network bandwidth analysis and to troubleshoot certain problems.
• This tool can be used by attackers to gather information that can be used for penetration.
• Through this attack the attacker gets passwords and email contents as mail passes through the network.
• Packet sniffers: This type of sniffer can be used by the system administrator to check network problems.
• The network administrator can find packets containing errors to solve problems such as bottlenecks.
• Packet sniffers just capture packets to collect data.
Spoofing Attack
• Spoofing is making data look as if it has come from a different source.
• This is possible in TCP/IP.
• When a packet is sent from one system to another, it includes only the destination IP address and port, and the source IP address.
• Attackers take advantage of this to attack.
Types of Spoofing
URL and Phishing
• This kind of spoofing is web spoofing, also known as phishing. In this attack a web page of a legitimate website, such as a bank's, is reproduced so that it has the same look and feel as the original but is under the control of the attacker.
• The main intent is to fool users into thinking that they are connected to a trusted web site, for instance to get the user name and password.
• This type of attack is performed with the use of URL spoofing, which displays an incorrect URL in the address bar.
• Once the user enters the user ID and password, the attacker's code reports an error and redirects to the original site.
• The attacker gets the user ID and password, yet the user does not know it, since the user ends up connected to the trusted site as well.
• Email ID spoofing: Sender information shown in an email can be spoofed easily. Email spoofing refers to an email that appears to have come from the original source but was sent from another source.
• The best examples are email spoofing and junk mail.
IP address spoofing:
• The IP protocol is designed to work with the originator's IP address in the ‘from’ portion of the packet.
• There is no system to prevent inserting another IP address.
• The attacker sends one packet and is able to generate 254 responses aimed at the specific target.
• The target system becomes overloaded with the volume of responses.
Man in The Middle Attack
• A man-in-the-middle attack generally occurs when attackers place themselves between two other hosts that are communicating, in order to view and modify the traffic.
• In a man-in-the-middle attack, a connection between two nodes on the computer network is routed illegally through the node of the attacker.
• The attacker must be able to intercept all messages going between the two victims and inject new ones.
• Most cryptographic protocols include some form of endpoint authentication, used to prevent MITM attacks.
Encryption Attacks
• Encryption is the process of transforming plaintext into an unreadable format called ciphertext.
• Most encryption processes use a key: a key is used in a mathematical process to convert the message, and another key is used to decrypt the message.
• Some attackers try to break the cryptographic system; this is an attack on the specific method used for encryption.
• Such attackers practise cryptanalysis, which is the art of decrypting data.
Replay Attack
• In a replay attack, an attacker captures a sequence of events or some data units and resends them.
• For example, suppose user A wants to transfer some amount to user C’s bank account.
• Both users A and C have accounts with bank B.
• User A might send an electronic message to bank B requesting a fund transfer.
• User C could capture this message and send a copy of the same to bank B.
• Bank B would have no idea that this is an unauthorized message and would treat it as a second and different fund transfer request from user A.
• So C would get the benefit of the fund transfer twice: once authorized and once through a replay attack.
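The double transfer described above, and one common countermeasure (a one-time value, or nonce, carried inside the authenticated message), as an added example that is not part of the original slides. The bank classes, the shared key and the message fields are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

KEY = b"constructed-demo-key-shared-by-A-and-bank-B"  # constructed sample key

def sign(msg: dict) -> dict:
    """User A authenticates the transfer request with an HMAC."""
    body = json.dumps(msg, sort_keys=True).encode()
    return {"body": msg, "mac": hmac.new(KEY, body, hashlib.sha256).hexdigest()}

def mac_ok(signed: dict) -> bool:
    body = json.dumps(signed["body"], sort_keys=True).encode()
    expected = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["mac"])

class NaiveBank:
    """Checks only that the message is authentic, so an exact copy passes too."""
    def __init__(self):
        self.balances = {"A": 1000, "C": 0}

    def transfer(self, signed: dict) -> bool:
        if not mac_ok(signed):
            return False
        m = signed["body"]
        self.balances[m["from"]] -= m["amount"]
        self.balances[m["to"]] += m["amount"]
        return True

class ReplaySafeBank(NaiveBank):
    """Also remembers the nonce of every accepted request and rejects a repeat."""
    def __init__(self):
        super().__init__()
        self.seen = set()

    def transfer(self, signed: dict) -> bool:
        nonce = signed["body"].get("nonce")
        if not mac_ok(signed) or nonce is None or nonce in self.seen:
            return False
        self.seen.add(nonce)
        return super().transfer(signed)

def demo(bank):
    """A sends one request; the copy captured in transit is sent again."""
    request = sign({"from": "A", "to": "C", "amount": 100,
                    "nonce": secrets.token_hex(16)})
    captured = dict(request)  # byte-for-byte copy, still carries a valid MAC
    results = [bank.transfer(request), bank.transfer(captured)]
    return results, bank.balances["C"]

if __name__ == "__main__":
    print(demo(NaiveBank()), demo(ReplaySafeBank()))
```

The nonce sits inside the authenticated body, so the copy cannot be given a fresh nonce without invalidating the MAC.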
• Logical Bombs
• Time Bomb
Model of Security
**You can also write the answer as CIA