
UNIT 1 CNS

Chapter: 1 Introduction and Security Threats
1.1 Threats to Security:
● Virus and worms
● Intruders
● Criminal Organizations
● Terrorists
● Information warfare
1.1.1 The need for security:
● In the past, computer applications had very little security. Once applications were developed to handle financial transactions and personal data, the need for security arose.
● So, various mechanisms were developed for security:
● Provide a user ID and password to every user.
● Encode the data and store it in a different format.
● Day by day technology has developed, and the communication media have developed along with it. So people realized that this basic security is not enough to secure the different applications.
● Next, the internet is growing fast and the world has become very small; the question is what will happen if no security is prepared at this time.
1.1.2 Types of Security:
● Computer security:- The collection of tools designed to protect data and to thwart hackers is computer security.
● Network Security:- When we create a network and transmit data from computer to computer, the data needs to be protected during its transmission; this is called network security.
● Internet Security:- All business, government and academic organizations interconnect their data processing equipment with a collection of interconnected networks. Such a collection is referred to as an internet, and the corresponding term is internet security. There is no longer much difference between network security and internet security.
1.1.3 Threats to Security[1]:
● Viruses:- A virus is a type of program code that attaches itself to authorized program code and runs when the legitimate program runs.
● It can then infect other programs on that computer or programs that are on other computers on the same network.
● Usually viruses cause damage to the computer and network system.
“A virus is a computer program that attaches itself to another legitimate program and causes damage to the computer system or to the network”
● Worms:- A worm is similar to a virus but differs in implementation.
● A virus makes changes to a program, whereas a worm does not modify a program; instead, the worm replicates itself again and again. The replication grows so large that, indirectly, the computer or the network on which the worm resides becomes very slow.
● A worm attacks by eating up the resources of the system.
“A worm does not perform any destructive actions and instead, only consumes system resources to bring it down”
● Intruders:- An intruder is a person who attempts to gain unauthorized access to a
system, to damage that system or to disturb data on that system.
“This person attempts to violate security by interfering with system
availability, data integrity or data confidentiality.”
● Insiders:- Insiders may have accounts giving them legitimate access to computer systems. This access was originally given to them so that they could perform their duties, but these permissions could be abused to harm the organization.
● Insiders are often familiar with the organization's data and the measures in place to protect it.
● This makes it easier for an insider to break security controls.
● An insider does not need to attack from outside the organization because he is already inside.
● Insider threats are harder to defend against than attacks from outsiders, because the insider already has legitimate access to the organization's information.
“An insider may attempt to steal property or information for personal gain or to benefit another organization or country. The threat to the organization could also be through malicious software.”
1.1.4 Criminal Organization:
● It is the term which categorizes transnational, national or local groupings of highly centralized enterprises run by criminals, who intend to engage in illegal activity, most commonly for monetary profit.
● Sometimes criminal organizations force people to do business with them, as when a gang extorts money from shopkeepers for so-called protection.
1.1.5 Terrorists:
● Terrorism is the threat of violence and the use of fear to force, persuade and gain public attention.
● Terrorism is, in the broadest sense, the use of intentional violence for political or religious purposes.
1.1.6 Information Warfare:
● IW is primarily a United States military concept involving the use and management of information and communication technology in pursuit of a competitive advantage over an opponent.
● It may involve the collection of tactical information, assurance that one’s own information is valid, and the spreading of propaganda or disinformation to demoralize or manipulate the enemy and the public.
● Information Warfare is closely linked with psychological warfare.
1.2 Avenues of Attacks:
● Steps in attack
1.2.1 Avenues of Attacks [2]:
● An attack is an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system.
● The attacker may have chosen the target not because of the hardware or software the organization is running but for another reason, such as a political reason.
● An example of this type of attack would be an individual in one country attacking a government system in another country.
● Another example, in this case, might be an attacker who defaces the web site of a company that sells fur coats because the attacker feels that using animals in this way is unethical.
1.2.2 Steps in Attack:
● The steps an attacker takes in attempting to penetrate a targeted network are similar to the ones that a security consultant performing a penetration test would take.
● The attacker will need to gather as much information about the organization as possible.
● There are a number of ways to do this, including studying the organization’s own website, looking for postings on newsgroups, or consulting resources such as the Securities and Exchange Commission’s (SEC’s) EDGAR web site.
● The first step in the technical part of an attack is often to determine what target systems are available and active.
● The next step is often to perform a port scan. This will help identify which ports are open, which gives an indication of which services may be running on the target machine.
● Determining the operating system that is running on the target machine, as well as the specific application programs, follows along with determining the services that are available.
1.3 Security Basics:
● Confidentiality
● Integrity
● Availability
1.3.1 Security Basics[3]:
● These are the basic terms related to security, so they need to be understood:
● Confidentiality
● Integrity
● Availability
1.3.2 Confidentiality:
● The main concept of confidentiality is that only the sender and the intended receiver send and receive the data.
● Confidentiality is compromised when an unauthorized person somehow accesses the message.
● An example of confidentiality: user A transmits some confidential data to user B, but somehow unauthorized user C accesses that data. So, the confidentiality of the message is compromised. This type of attack is called interception.
“interception causes loss of message confidentiality”
1.3.3 Integrity:
● The content of the message is changed after it is sent by the sender and before it is received by the receiver.
● This is called a compromise of the integrity of the message.
● For example, when user A sends data to user B and somehow user C tampers with the data before user B gets the message, it is changed without the knowledge of user A. So, the integrity of the message is lost.
“modification causes loss of message integrity”
1.3.4 Availability:
● Availability means resources should be available to authorized parties at all times.
● Because of the intentional action of unauthorized user C, an authorized user A is not able to contact a server computer B. Because of this, the authorized user is not able to access the resource.
“Interruption puts the availability of resources in danger”
Figure 1.1 Security Basics
1.4 Types of Attack:
● Denial of Service
● Replay attack
● SQL Injection
● Distributed DOS
● Sniffing
● Spoofing
● TCP/IP Hacking
● Phishing attacks
● Backdoors and Trapdoors
● Man in the middle
● Malware: Viruses
● Logic bombs
1.4.1 Types of Attack [4]:
Active attack: in an active attack, the data may get changed after the attack.
Passive attack: in a passive attack, the data does not get changed after the attack.
1. Denial of Service: This attack makes an attempt to prevent legitimate users from accessing some service for which they are eligible. For instance, an unauthorized user might send too many login requests to a server using random user ids, one after another in quick succession, so as to flood the network and deny other legitimate users from using network services.
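As an added illustration (not part of the original notes), the following script shows how a defender would spot the login flood described above in an authentication log: it counts attempts per source address inside a sliding time window and reports sources that exceed a threshold, along with how many distinct user ids they tried. The log format and all addresses are constructed for the example.

```python
import re
from collections import defaultdict, deque

# Constructed sample authentication log (not from a real system).
# Format: "<epoch seconds> <source ip> login <user id> <ok|fail>"
SAMPLE_LOG = """\
100 10.0.0.5 login alice ok
103 198.51.100.9 login u1 fail
103 198.51.100.9 login u2 fail
104 198.51.100.9 login u3 fail
104 198.51.100.9 login u4 fail
105 198.51.100.9 login u5 fail
105 198.51.100.9 login u6 fail
106 198.51.100.9 login u7 fail
130 10.0.0.5 login alice fail
131 10.0.0.5 login alice ok
"""

LINE_RE = re.compile(r"^(\d+) (\S+) login (\S+) (ok|fail)$")


def find_login_floods(lines, window: int = 10, threshold: int = 5) -> dict:
    """Sliding-window count of login attempts per source address.

    A source that makes more than `threshold` attempts inside any `window`
    seconds is reported with its peak attempt count and the number of distinct
    user ids it tried; many distinct ids from one source is the "random user
    ids" pattern of a login flood, not a user who mistyped a password.
    """
    recent = defaultdict(deque)     # source ip -> deque of (timestamp, user) in window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # skip lines that do not match the expected format
        ts, src, user = int(m.group(1)), m.group(2), m.group(3)
        q = recent[src]
        q.append((ts, user))
        while q and ts - q[0][0] > window:
            q.popleft()             # drop attempts that fell out of the window
        if len(q) > threshold:
            users = {u for _, u in q}
            prev = flagged.get(src, {"attempts": 0, "distinct_users": 0})
            flagged[src] = {"attempts": max(prev["attempts"], len(q)),
                            "distinct_users": max(prev["distinct_users"], len(users))}
    return flagged
```

Running `find_login_floods(SAMPLE_LOG.splitlines())` flags only 198.51.100.9 (7 attempts, 7 user ids in 3 seconds); the genuine user's spaced-out retry is left alone.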
2. Replay Attack: A user captures a series of events or some data units and resends them. For instance, suppose user A wants to transfer some amount to user C’s bank account. Both user A and user C have bank accounts with Bank B. User A might send an electronic message to Bank B, requesting a fund transfer. User C could capture this message and send a second copy to Bank B. Bank B would have no idea that this is an unauthorized message and would treat it as a second and different request for a fund transfer from user A. Therefore, user C would get the benefit of the funds transfer twice: once authorized and once through a replay attack.
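The following script is an added example (not from the original notes) covering both the integrity loss of section 1.3.3 and the replay scenario above: user A signs each transfer request with an HMAC under a key shared with Bank B, and the bank rejects any message whose tag does not verify (modification) or whose request id it has already processed (replay). The key, the request ids and the balances are constructed values.

```python
import hashlib
import hmac
import json

# Shared secret between user A and Bank B (constructed sample value, not a real key).
SHARED_KEY = b"sample-shared-secret-between-A-and-B"


def sign_request(request: dict, key: bytes = SHARED_KEY) -> dict:
    """User A's side: attach an HMAC-SHA256 tag over the canonical JSON form of the request."""
    body = json.dumps(request, sort_keys=True).encode()
    return {"request": request, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}


class Bank:
    """Bank B's side: checks the tag (integrity) and refuses reused request ids (replay)."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.seen_ids = set()                  # request ids already processed
        self.balances = {"A": 100, "C": 0}     # constructed starting balances

    def process(self, message: dict) -> str:
        request = message["request"]
        body = json.dumps(request, sort_keys=True).encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        # Any change to the message (modification) breaks the tag; compare in constant time.
        if not hmac.compare_digest(expected, message["tag"]):
            return "rejected: integrity check failed"
        # A second copy of an already-processed request id is a replay, not a new transfer.
        if request["request_id"] in self.seen_ids:
            return "rejected: replayed request"
        self.seen_ids.add(request["request_id"])
        self.balances[request["from"]] -= request["amount"]
        self.balances[request["to"]] += request["amount"]
        return "accepted"


def replay_demo() -> dict:
    """The scenario from the notes: A sends once, C resends the captured copy, C also alters it."""
    bank = Bank()
    msg = sign_request({"request_id": "req-0001", "from": "A", "to": "C", "amount": 40})
    first = bank.process(msg)                              # A's genuine transfer
    replay = bank.process(msg)                             # C's second copy of the same message
    altered = {"request": dict(msg["request"], amount=90), "tag": msg["tag"]}
    modified = bank.process(altered)                       # C changes the amount, keeps the old tag
    return {"first": first, "replay": replay, "modified": modified, "balances": bank.balances}
```

Only the first transfer moves money; the balances end at A = 60 and C = 40 instead of the doubled transfer the unprotected bank would have performed.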
3. SQL injection: It is a technique where malicious users can inject SQL commands into an SQL statement via web page input. The injected SQL command can alter the SQL statement and compromise the security of a web application.
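As an added example (not part of the original notes), the snippet below puts a login query built by string concatenation next to the same query written with bound parameters, using an in-memory SQLite table constructed for the example. The vulnerable form treats the input as SQL syntax, so the classic always-true input passes the check; the parameterized form only ever compares the input as a value.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the statement by concatenation: web page input becomes part of the SQL text."""
    sql = ("SELECT 1 FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Binds the input as values: the database never parses the input as SQL."""
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def sqli_demo() -> dict:
    """Compare both forms on genuine credentials and on the textbook injected input."""
    conn = make_db()
    # The injected text closes the string literal and appends an always-true condition,
    # turning the WHERE clause into ... AND password = '' OR '1'='1'.
    crafted = "' OR '1'='1"
    return {
        "good_creds_vulnerable": login_vulnerable(conn, "alice", "s3cret"),
        "good_creds_parameterized": login_parameterized(conn, "alice", "s3cret"),
        "injected_vulnerable": login_vulnerable(conn, "alice", crafted),
        "injected_parameterized": login_parameterized(conn, "alice", crafted),
    }
```

With `sqli_demo()` the vulnerable login accepts the crafted input without the password, while the parameterized login rejects it and still accepts the genuine credentials.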
4. Distributed DOS (Denial of Service): This attack is an attempt to make a machine or network resource unavailable to its intended users. As clarification, DDOS attacks are sent by two or more persons or systems; a DOS attack is sent by one person or system.
5. Sniffing: It is a passive attack on an ongoing conversation. An attacker does not need to hijack a conversation but instead can simply observe packets as they pass by. To prevent an attacker from sniffing packets we have some ways of protection: (i) the data that is travelling can be encoded in some way; (ii) the transmission link itself can be encoded.
To read a packet, the attacker somehow needs to access it. The simplest way to do this is to control a computer through which the traffic passes. Usually this is a router, but routers are highly protected resources. Therefore an attacker might not be able to attack one; instead, the attacker might choose a less protected computer on the same path.
Figure 1.2 Sniffing
5. Spoofing: In this technique an attacker sends packets with a false source address. When this happens, the receiver would inadvertently send replies back to this forged address.
Figure 1.3 Spoofing
● The attacker can intercept the reply: if the attacker is between the destination and the source, the attacker can see the reply and use that information for hijacking attacks.
● The attacker need not see the reply: if the attacker’s intention was a denial of service attack, then there is no need to bother about the reply.
● The attacker does not want a reply: the attacker does not want a reply from the destination, as it wants the host with the forged address to receive it and get confused.
6. TCP/IP Hacking: It is a technique that uses spoofed packets to take over a connection between a victim machine and a target machine.
● The victim’s connection hangs and the hacker is then able to communicate with the host machine as if the attacker were the victim.
● To launch a TCP/IP hacking attack the hacker must be on the same network as the victim.
● The target and victim machines can be anywhere.
7. Phishing:- Phishing has become a big problem in recent times: attackers set up fake web sites which look like real web sites.
● The attacker decides to create her own web site, which looks identical to a real web site. For example, the attacker can clone Citibank’s web site so that it looks like the real web site.
● The attacker sends an email to the legitimate customers of the bank. The email itself appears to have come from the bank. This fake email warns the user that something went wrong with the computer system, so the bank wants to issue new passwords to all customers or wants to verify the existing PIN number. For this reason it requests the user to visit the given link.
● When the customer innocently clicks on the URL given in the mail, that link takes the user to the attacker's site, not the bank’s original site. Now the customer inputs the password and PIN into the attacker's database; next the attacker accesses that confidential data of the user and, with the help of that data, accesses the user's data at the bank and performs any transaction.
8. Backdoors and trapdoors:- Backdoors were originally nothing more than methods used by software developers to ensure that they could gain access to an application even if something were to happen in the future to prevent normal access methods.
● An example would be a hard-coded password that could be used to gain access to the program in the event that administrators forget their own system password.
● The obvious problem with this sort of backdoor is that, since it is hard-coded, it cannot be removed; should an attacker learn of the backdoor, all systems running that software would be vulnerable to attack.
● The term backdoor is also, and more commonly, used to refer to programs that attackers install after gaining unauthorized access to a system to ensure that they can continue to have unrestricted access to the system, even if their initial access method is discovered and blocked. Common backdoors include NetBus and Back Orifice. Both of these, if running on your system, will allow an attacker remote access to your system.
9. Man in the middle:- It is a type of cyber attack where a malicious actor inserts him/herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other.
● Man in the Middle is a type of eavesdropping attack that occurs when a malicious actor inserts himself as a relay/proxy into a communication session between people or systems.
Figure 1.4 Man in the middle
● A MITM attack exploits the real-time processing of transactions, conversations, or transfer of other data.
● A MITM attack allows an attacker to intercept, send, and receive data never meant for them, without either outside party knowing until it is too late.
10. Malware: Viruses: Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of executable code, scripts, active content, and other software.
Virus: A virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user.
Types of viruses:
1. File infector viruses: File infector viruses infect program files. These viruses normally infect executable code, such as .com and .exe files.
2. Boot sector viruses: Boot sector viruses infect the system area of a disk, that is, the boot record on floppy disks and hard disks.
3. Master boot record viruses: Master boot record viruses are memory-resident viruses that infect disks in the same manner as boot sector viruses.
4. Multi-partite viruses: Multi-partite viruses infect both boot records and program files.
5. Macro viruses: These types of viruses infect data files. They are the most common and have cost corporations the most money and time trying to repair.
11. Logic bombs: They are small programs or sections of a program triggered by some event, such as a certain date or time, a certain percentage of disk space being filled, the removal of a file, and so on.
● For example, a programmer could establish a logic bomb to delete critical sections of code if she is terminated from the company.
● Logic bombs are most commonly installed by insiders with access to the system.
● A logic bomb is malware that is triggered in response to an event, such as launching an application or when a specific date/time is reached.
● Attackers can use logic bombs in a variety of ways.
References:
1. https://www.reveantivirus.com/in/computer-security-threats
2. https://www.oreilly.com/library/view/comptia-security-all-in-one/9780071771474/sec1_chap13.html
3. https://www.geeksforgeeks.org/the-cia-triad-in-cryptography/
4. https://www.javatpoint.com/types-of-cyber-attacks