computer security - GH Raisoni Polytechnic, Nagpur

COMPUTER SECURITY
(17514)
VTH SEM CM
MS. SHREYA B. PANDEY
G.H. RAISONI POLYTECHNIC, NAGPUR
CHAPTER 1 [22M]
I. INTRODUCTION TO COMPUTER SECURITY AND SECURITY TRENDS
1.1 Definition of computer security, need for security, security basics: confidentiality, integrity, availability, non-repudiation; examples of security, challenges for security, model for security.
1.2 Risk and threat analysis: assets, vulnerability, threats, risks, countermeasures.
1.3 Threats to security: viruses and worms, intruders, insiders, criminal organizations, terrorists, information warfare; avenues of attack, steps in an attack.
1.4 Security attacks: active and passive attacks, denial of service, backdoors and trapdoors, sniffing, spoofing, man in the middle, replay, TCP/IP hacking, encryption attacks.
1.5 Malware: viruses, logic bombs.
Need for security
Lecture 1

Security is needed because when we develop a computer application to handle financial and personal data, that data must be protected from unauthorized access by third parties.
Examples of security mechanisms are as follows:
1) Provide a user ID and password to every user and use that information to authenticate the user.
2) Encode information stored in the database in some fashion so that it is not visible to users who do not have the right permission.
The need for computer security has been threefold: confidentiality, integrity, and availability—the “CIA” of security.
1. Confidentiality: The principle of confidentiality specifies that only the sender and the intended recipients should be able to access the contents of a message.
Confidentiality is compromised if an unauthorized person is able to access the contents of a message. An example of compromising the confidentiality of a message is shown in the figure. Here, the user of computer A sends a message to the user of computer B. Another user, C, gets access to this message, which is not desired and therefore defeats the purpose of confidentiality. This type of attack is also called interception.
2. Authentication: Authentication helps to establish proof of identities. The authentication process ensures that the origin of a message is correctly identified. For example, suppose that user C sends a message over the internet to user B. However, the trouble is that user C posed as user A when sending the message to user B. How would user B know that the message has come from user C, who is posing as user A? This concept is shown in the figure below. This type of attack is called fabrication.
3. Integrity: When the contents of a message are changed after the sender sends it, but before it reaches the intended recipient, we say that the integrity of the message is lost. For example, here user C tampers with a message originally sent by user A, which is actually destined for user B. User C somehow manages to access it, change its contents and send the changed message to user B. User B has no way of knowing that the contents of the message were changed after user A sent it. User A also does not know about this change. This type of attack is called modification.
Definition of Computer Security
Lecture 2

Computer system security means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities, untrustworthy individuals and unplanned events.
Computer security is the protection of computers and the data that the computers hold.
Security basics
1. Confidentiality: The goal of confidentiality is to ensure that only those individuals who have the authority can view a piece of information.
2. Authentication: Authentication deals with the desire to ensure that an individual is who they claim to be. The need for this in an online transaction is obvious.
3. Integrity: Integrity is a related concept but deals with the generation and modification of data. Only authorized individuals should ever be able to create or change (or delete) information.
4. Nonrepudiation: Nonrepudiation deals with the ability to verify that a message has been sent and received and that the sender can be identified and verified. The requirement for this capability in online transactions should also be readily apparent.
Challenges for security
• E-commerce requirements.
• Information security attacks.
• Government sector and industry regulation.
• Mobile workforce & wireless computing.
These security challenges can be grouped into the following security fields: cryptography, security in small and medium enterprises, security & privacy in the cloud and internet, security matrix, foreign sectors.
Difference between Authentication and Authorization
Authentication is any process by which a system verifies the identity of a user who wishes to access it.
• Since access control is normally based on the identity of the user who requests access to a resource, authentication is essential to effective security.
• Authentication may be implemented using credentials, each of which is composed of a user ID and password. Alternately, authentication may be implemented with smart cards, an authentication server or even a public key infrastructure.
Authorization is the process of giving someone permission to do or have something.
• In multi-user computer systems, a system administrator defines for the system which users are allowed access to the system and what privileges of use they have (such as access to which file directories, hours of access, amount of allocated storage space, and so forth).
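The two steps above in working form, as an added example that is not part of the original slides: a credential check (authentication) followed by a separate permission check (authorization) on file directories, in the spirit of the privileges the administrator defines. The user store, passwords and permission table are constructed for this illustration; the hashing uses PBKDF2 from Python's standard library.

```python
import hashlib
import hmac
import os

# Constructed user store for this example: each record holds a random salt
# and a PBKDF2 hash of the password. A real system keeps this in a database.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def _make_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt)}

USERS = {
    "alice": _make_record("correct horse battery"),
    "bob": _make_record("hunter2"),
}

# Constructed authorization policy: the (action, directory) pairs each user
# is allowed, in the spirit of the "which file directories" privileges above.
PERMISSIONS = {
    "alice": {("read", "/finance"), ("write", "/finance")},
    "bob": {("read", "/finance")},
}

def authenticate(user_id: str, password: str) -> bool:
    """Authentication: verify that the caller is the user it claims to be."""
    record = USERS.get(user_id)
    if record is None:
        # Hash anyway so response time does not reveal which user IDs exist.
        _hash_password(password, b"\x00" * 16)
        return False
    candidate = _hash_password(password, record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, record["hash"])

def authorize(user_id: str, action: str, resource: str) -> bool:
    """Authorization: decide what an already-authenticated user may do."""
    return (action, resource) in PERMISSIONS.get(user_id, set())

def access(user_id: str, password: str, action: str, resource: str) -> str:
    """Run both checks in order; authorization only happens after authentication passes."""
    if not authenticate(user_id, password):
        return "denied: authentication failed"
    if not authorize(user_id, action, resource):
        return "denied: not authorized"
    return "granted"

if __name__ == "__main__":
    print(access("alice", "correct horse battery", "write", "/finance"))  # granted
    print(access("bob", "hunter2", "write", "/finance"))                 # denied: not authorized
    print(access("bob", "wrong password", "read", "/finance"))           # denied: authentication failed
```

Bob authenticates successfully but is still refused a write, which is the distinction the slide draws: knowing who someone is does not by itself decide what they may do.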
Model for security
Lecture 3

• A message is to be transferred from one party to another via the Internet.
• The sender and receiver are the principals of the transaction and must cooperate for the exchange to take place.
• An information channel is established by defining a route through the Internet from source to destination with the help of a communication protocol like TCP/IP.
• Techniques for providing security have the following components:
  - A security-related transformation on the information to be sent.
  - Secret information shared by the two principals, which must be kept secret.
  - A trusted third party is required to achieve secure transmission.
The model shows four basic tasks:
1. Design an algorithm in such a way that an opponent cannot defeat its purpose. This algorithm is used for the security-related transformation.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for distributing and sharing the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security algorithm and the secret information to achieve a security service.
The OSI layer for the security model defines seven layers:
• Authentication
• Access control
• Non-repudiation
• Data integrity
• Confidentiality
• Availability or assurance
• Notarization or signature
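The four tasks of the model carried through in code, as an added example that is not part of the original slides. It also serves the Lecture 1 scenarios: user C modifying A's message, and C fabricating a message while posing as A. The security-related transformation chosen here is an HMAC tag from Python's standard library (a message authentication code, not encryption), so the example covers origin and integrity; defeating interception would need an additional encryption step that is not shown. The principals, key and messages are constructed for this illustration, and key distribution (task 3) is assumed to have happened out of band.

```python
import hashlib
import hmac
import secrets

# Task 2: generate secret information shared by the two principals A and B.
# Task 3 (distributing it securely to both) is assumed done out of band.
def generate_shared_key() -> bytes:
    return secrets.token_bytes(32)

# Task 1: the security-related transformation. An HMAC tag over the sender
# name and message body travels with the message; without the key an opponent
# cannot produce a valid tag for any other content.
def protect(key: bytes, sender: str, message: bytes) -> dict:
    data = sender.encode("utf-8") + b"|" + message
    tag = hmac.new(key, data, hashlib.sha256).hexdigest()
    return {"sender": sender, "message": message, "tag": tag}

# Task 4: the protocol step run by the receiving principal B.
def verify(key: bytes, packet: dict) -> bool:
    data = packet["sender"].encode("utf-8") + b"|" + packet["message"]
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    # Constant-time comparison so the check itself leaks nothing about the tag.
    return hmac.compare_digest(expected, packet["tag"])

def scenario() -> dict:
    """Replay the Lecture 1 attacks against the protected channel (constructed data)."""
    key_ab = generate_shared_key()
    genuine = protect(key_ab, "A", b"transfer 100 to account 42")

    # Modification: C changes the body in transit but cannot recompute the tag.
    modified = dict(genuine, message=b"transfer 9000 to account 42")

    # Fabrication: C poses as A; C has no key_ab, only a key of its own.
    key_c = generate_shared_key()
    fabricated = protect(key_c, "A", b"transfer 100 to account 99")

    return {
        "genuine_accepted": verify(key_ab, genuine),
        "modified_accepted": verify(key_ab, modified),
        "fabricated_accepted": verify(key_ab, fabricated),
    }

if __name__ == "__main__":
    print(scenario())  # {'genuine_accepted': True, 'modified_accepted': False, 'fabricated_accepted': False}
```

B accepts only the message whose tag was computed with the key it shares with A, which is exactly the role the model assigns to the shared secret: the algorithm is public, and the opponent's inability to defeat it rests on not holding that secret.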
Assets
Lecture 4

• In computer security, an asset is any data, device or other component that supports information-related activities and needs protection.
• Assets can be hardware, software or confidential information.
• Identification of assets should be a relatively simple and regular exercise.
• E.g. servers, switches, support systems, etc.
Vulnerability
• In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance.
• Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.
• To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.
In any system a vulnerability can be:
a) An account with system privileges where the default password has not been changed.
b) Programs with unnecessary privileges.
c) Programs with known faults.
d) Weak firewall configuration that allows access to vulnerable services, etc.
e) Weak access control settings on resources.
Risks
• The word risk means the circumstances in which an organization’s information system is confronted with a threat and a vulnerability converging.
• We can also say that a risk is some incident or attack that can cause damage to a system.
• An attack against a system is carried out by a sequence of actions exploiting weak points until the attack goal is accomplished.
The process of risk is calculated as follows (figure: RISK lies where THREATS, VULNERABILITY and ASSETS converge).
Risk analysis
Risk analysis is the identification and estimation of risks. Risk identification is the process whereby one identifies the sources of risk.
There are two fundamental types of risk analysis:
a) Quantitative risk analysis
b) Qualitative risk analysis

a) Quantitative risk analysis: A process of assigning a numeric value to the probability of loss based on known risks, on the financial values of the assets and on the probability of threats.
E.g. the cost of replacing an asset, the cost of lost productivity, or the cost of diminished brand reputation.
b) Qualitative risk analysis: It is a collaborative process of assigning relative values to assets, assessing their risk exposure, and estimating the cost of controlling the risk. In qualitative risk analysis:
• Assets can be rated based on criticality: very important, important, not important, etc.
• Vulnerabilities can be rated based on how urgently they should be fixed: fix soon, should be fixed, fix if suitable, etc.
• Threats can be rated on a scale of likelihood: unlikely, very likely, etc.
Threats
Lecture 5
A threat is an action by an attacker who tries to exploit vulnerabilities to damage assets. Threats can be identified by the damage done to assets, such as:
● Spoofing the identities of users.
● Security settings may be changed, which gives the attacker more privileges.
● Information may be disclosed.
● A user may get more privileges on a system than he is entitled to.
Countermeasures
A countermeasure is an action, process, device, or system that can prevent, or mitigate the effects of, threats to a computer, server or network. Countermeasures can take the form of software, hardware and modes of behavior. Software countermeasures include:
● Personal firewalls
● Application firewalls
● Anti-virus software
● Pop-up blockers
● Spyware detection/removal programs
Hardware countermeasures include:
► Biometric authentication systems.
► Physical restriction of access to computers and peripherals.
► Intrusion detectors.
► Alarms.
Behavioral countermeasures include:
► Frequent deletion of stored cookies and temporary files from web browsers.
► Regular scanning for viruses and other malware.
► Regular installation of updates and patches for operating systems.
► Regular backing up of data on external media.
► Staying away from questionable web sites.
Viruses
Lecture 6

• A virus is a program which attaches itself to another program and causes damage to the computer system or the network.
• It is loaded onto your computer without your knowledge and runs against your wishes.
• Viruses can replicate themselves; all computer viruses are man-made.
• Even a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt.
Types of viruses
• Parasitic viruses: Attach themselves to executable code and replicate. Once a program is infected, the virus finds another program to infect.
• Memory-resident viruses: Live in memory after execution; the virus becomes part of the operating system or application and can manipulate any file that is executed, copied or moved.
• Non-resident viruses: Execute and then terminate or destroy themselves after a specific time.
• Boot sector viruses: Infect the boot sector and spread through a system when it is booted from a disk containing the virus.
• Overwriting viruses: Overwrite the host code with their own code.
• Stealth viruses: Hide the modifications they have made to a file or boot record.
Types of viruses (continued)
• Macro viruses: These are not executables. They affect Microsoft Word-like documents and can spread through email.
• Polymorphic viruses: Produce fully operational copies of themselves in an attempt to avoid signature detection.
• Companion viruses: Create a new program instead of modifying an existing file.
• Email viruses: The virus gets executed when the email attachment is opened by the recipient. The virus then sends itself to everyone on the sender's mailing list.
• Metamorphic viruses: Keep rewriting themselves every time; they may change their behavior as well as the appearance of their code.
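Why polymorphism targets signature detection, shown from the defender's side as an added example that is not part of the original slides. Anti-virus software (a software countermeasure listed earlier) matches files against known signatures; the code below contrasts a whole-file hash signature with a byte-pattern signature on constructed sample "files". The file contents and the payload bytes are invented for this illustration and correspond to no real virus.

```python
import hashlib
import re

# Constructed stand-ins for program images on disk. The "payload" bytes are
# invented for this example and do not correspond to any real virus.
CLEAN = b"MZ\x90\x00 add i to j; print; close; end \x00"
INFECTED = b"MZ\x90\x00 add i to j; VIRUS_JOB:delete_all;send_copy_to_all; close; end \x00"
# A variant carrying the same payload inside a host that differs by one byte.
VARIANT = INFECTED.replace(b"add i to j", b"add i to k")

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Hash signatures: exact whole-file matches against previously seen samples.
KNOWN_BAD_HASHES = {sha256_hex(INFECTED)}

# Pattern signatures: a byte sequence taken from the payload itself, so it
# survives changes elsewhere in the host file.
SIGNATURES = {
    "demo-payload": re.compile(rb"VIRUS_JOB:delete_all;send_copy_to_all"),
}

def scan_by_hash(data: bytes) -> bool:
    """True only if the entire file is byte-for-byte identical to a known sample."""
    return sha256_hex(data) in KNOWN_BAD_HASHES

def scan_by_pattern(data: bytes) -> list:
    """Names of every pattern signature found anywhere in the file."""
    return [name for name, pattern in SIGNATURES.items() if pattern.search(data)]

def scan(data: bytes) -> dict:
    return {"hash_match": scan_by_hash(data), "pattern_matches": scan_by_pattern(data)}

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("infected", INFECTED), ("variant", VARIANT)):
        print(label, scan(sample))
    # clean    {'hash_match': False, 'pattern_matches': []}
    # infected {'hash_match': True, 'pattern_matches': ['demo-payload']}
    # variant  {'hash_match': False, 'pattern_matches': ['demo-payload']}
```

A one-byte change in the host is enough to defeat the hash signature while the pattern signature still fires. A polymorphic or metamorphic virus goes further and rewrites the payload bytes themselves on each copy, so a fixed pattern fails too; that is why anti-virus products supplement static signatures with heuristics and behavior monitoring.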
Lifecycle of virus
1. Dormant phase: The virus is idle and is activated by some event.
2. Propagation phase: It places an identical copy of itself into other programs or into certain system areas on the disk.
3. Triggering phase: The virus is activated to perform the function for which it was intended.
4. Execution phase: The function of the virus is performed.
(Figure: Dormant phase -> Propagation phase (identical copies) -> Triggering phase -> Execution phase.)

Virus Infected Code (figure)
Original code:
    Add i to j
    print
    close
    end
Infected code (due to virus):
    Add i to j
    Virus job
    Close
    end
Virus code:
    Delete all files
    Send copy to all users
    return
Worms
Lecture 7

• A worm is a small piece of software that uses computer networks and security holes to replicate itself.
• A copy of the worm scans the network for another machine that has a specific security hole.
• It copies itself to the new machine using the security hole and starts replicating from there.
• Example: “CODE RED”.
Difference between Virus and Worm
1. Virus: A virus is a piece of code that attaches itself to a legitimate program.
   Worm: A worm is a malicious program that spreads automatically.
2. Virus: A virus modifies the code.
   Worm: A worm does not modify the code.
3. Virus: A virus does not replicate itself.
   Worm: A worm replicates itself.
4. Virus: A virus is destructive in nature.
   Worm: A worm is non-destructive in nature.
5. Virus: The aim of a virus is to infect the code or programs stored on a computer system.
   Worm: The aim of a worm is to make the computer or network unusable.
6. Virus: A virus can infect other files.
   Worm: A worm does not infect other files but occupies memory space through replication.
7. Virus: A virus may need a trigger for execution.
   Worm: A worm does not need any trigger.
Difference between Intruders and Insiders
1. Intruders: Intruders are authorized or unauthorized users who are trying to access the system or network.
   Insiders: Insiders are authorized users who try to access a system or network for which they are unauthorized.
2. Intruders: Intruders are hackers or crackers.
   Insiders: Insiders are not hackers.
3. Intruders: Intruders are illegal users.
   Insiders: Insiders are legal users.
4. Intruders: Intruders are less dangerous than insiders.
   Insiders: Insiders are more dangerous than intruders.
5. Intruders: Intruders do not have access to the system.
   Insiders: Insiders have easy access to the system because they are authorized users.
6. Intruders: Many security mechanisms are used to protect the system from intruders.
   Insiders: There is no such mechanism to protect the system from insiders.
Security attacks: Active and Passive attacks
Active attacks: Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories:
a) masquerade
b) replay
c) modification of messages
d) denial of service
Passive attacks: Passive attacks are in the nature of eavesdropping on or monitoring of transmissions. This kind of attack is divided into the following categories:
a) release of message contents
b) traffic analysis
Lecture 8
Masquerade (figure)
Replay (figure)
Modification of Messages (figure)
Denial of Service (figure)
Release of Message Contents (figure)
Traffic Analysis (figure)
Different Types of Attacks
i. Denial-of-service attacks
ii. Backdoors and trapdoors
iii. Sniffing
iv. Spoofing
v. Spoofing e-mail
vi. Man-in-the-middle attacks
vii. Replay attacks
viii. TCP/IP hijacking
ix. Attacks on encryption
x. Malware or malicious code such as viruses
Denial-of-service attacks can exploit a known vulnerability in a specific application or OS, or may attack features in specific protocols or services.
• In this form the attacker is trying to deny authorized users access either to specific information or to the computer system or network.
• The purpose of such an attack is simply to prevent access to the target system, or the attack may be used in conjunction with other actions in order to gain unauthorized access to a system or network.
• The SYN flooding attack is one example of this type.
• The following are types of DoS:
1. POD (ping of death)
2. DDoS (distributed denial of service attack)
(figure)
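How a defender might spot the SYN flooding attack named above from connection logs, as an added example that is not part of the original slides. A SYN flood leaves many handshakes half-open (a SYN with no completing ACK), so the detector below counts half-open handshakes per source and per destination. The log lines and their format are constructed for this illustration, and the threshold is an assumed tuning value.

```python
import re
from collections import defaultdict

# Constructed sensor log for this example (format invented here): sequence
# number, TCP flag seen from the client, source address, destination address:port.
LOG = """\
1 SYN 198.51.100.4 -> 192.0.2.10:80
2 ACK 198.51.100.4 -> 192.0.2.10:80
3 SYN 203.0.113.7 -> 192.0.2.10:80
4 SYN 203.0.113.7 -> 192.0.2.10:80
5 SYN 203.0.113.7 -> 192.0.2.10:80
6 SYN 203.0.113.7 -> 192.0.2.10:80
7 SYN 203.0.113.7 -> 192.0.2.10:80
8 SYN 203.0.113.7 -> 192.0.2.10:80
9 SYN 198.51.100.4 -> 192.0.2.10:80
10 ACK 198.51.100.4 -> 192.0.2.10:80
"""

LINE = re.compile(r"^(\d+) (SYN|ACK) (\S+) -> (\S+)$")

def half_open_counts(log: str) -> dict:
    """Handshakes per (src, dst) that saw a SYN but no completing ACK."""
    pending = defaultdict(int)
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the detector
        _, flag, src, dst = m.groups()
        key = (src, dst)
        if flag == "SYN":
            pending[key] += 1
        elif flag == "ACK" and pending[key] > 0:
            pending[key] -= 1  # the client's ACK completes one handshake
    return {k: v for k, v in pending.items() if v > 0}

def suspicious_sources(log: str, threshold: int = 5) -> list:
    """Sources holding at least `threshold` half-open handshakes to one destination."""
    return sorted({src for (src, _), n in half_open_counts(log).items() if n >= threshold})

def half_open_per_destination(log: str) -> dict:
    """Total half-open handshakes per destination. This view still rises when
    the flood spoofs a different source address on every packet."""
    totals = defaultdict(int)
    for (_, dst), n in half_open_counts(log).items():
        totals[dst] += n
    return dict(totals)

if __name__ == "__main__":
    print(suspicious_sources(LOG))        # ['203.0.113.7']
    print(half_open_per_destination(LOG))  # {'192.0.2.10:80': 6}
```

The per-source view is enough for the constructed log, but floods commonly spoof the source address, which is why the per-destination total is worth keeping as well: it is the victim's backlog that actually fills up.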
Backdoors and Trapdoors
Lecture 9
Backdoors: A backdoor is a feature of a program that can be used to make it act in some way that the person who is running it did not intend.
• A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected.
Trapdoors: These are programs which, when stored on the target system, may allow easy access to hackers or give them sufficient information about the target to carry out attacks.
• A trap door is a secret entry point into a program that allows someone who is aware of the trap door to gain access without going through the usual security access procedure.
Sniffing
A network sniffer is a software or hardware device that is used to observe traffic as it passes through the network on shared broadcast media.
• The device can be used to view all traffic, or it can target a specific protocol, service or even string of characters.
• Normally the network device that connects a computer to a network is designed to ignore all traffic that is not destined for that computer.
• Network sniffers ignore this friendly agreement and observe all traffic on the network, whether destined for that computer or for others.
Spoofing
Spoofing makes data look like it has come from a different source.
• This is possible in TCP/IP because of the friendly assumptions behind the protocols.
• When a packet is sent from one system to another, it includes not only the destination IP address but also the source IP address.
• The sender is supposed to fill in the source with its own address, but there is nothing that stops it from filling in another system’s address.
Types of spoofing:
• URL spoofing
• E-mail spoofing
• IP address spoofing
(Figures: e-mail spoofing, URL spoofing, IP address spoofing.)
Man in the middle attack

• A man-in-the-middle attack occurs when attackers are able to place themselves between two other hosts that are communicating, in order to view or modify the traffic.
• This is done by making sure that all communication going to or from the target host is routed through the attacker’s host.
• The attacker is then able to observe all traffic before forwarding it, and can actually modify or block traffic.
• To the target host, communication appears to be occurring normally, since all expected replies are received.
Replay attack
• In a replay attack an attacker captures a sequence of events or some data units and resends them.
• For example, suppose user A wants to transfer some amount to user C’s bank account. Both users A and C have accounts with bank B.
• User A might send an electronic message to bank B requesting the fund transfer.
• User C could capture this message and send a copy of it to bank B. Bank B would have no idea that this is an unauthorized message and would treat it as a second, different fund transfer request from user A.
• So C would get the benefit of the fund transfer twice: once authorized and once through the replay attack.
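The bank scenario above in code, as an added example that is not part of the original slides. The bank first behaves as the slide describes (any correctly tagged message is honoured, so the captured copy pays C twice), and then with a freshness check: each request carries a random nonce that the bank remembers, so the identical message is rejected the second time. Bank, users, key and request format are constructed for this illustration; the tag is an HMAC from Python's standard library.

```python
import hashlib
import hmac
import json
import secrets

class Bank:
    """Bank B from the example above (constructed). With freshness_check=False it
    is the vulnerable bank described in the text; with True it remembers nonces."""

    def __init__(self, freshness_check: bool = True):
        self.freshness_check = freshness_check
        self.keys = {}          # user -> secret key shared with the bank
        self.seen_nonces = set()
        self.ledger = []        # accepted transfers as (from, to, amount)

    def register(self, user: str) -> bytes:
        key = secrets.token_bytes(32)
        self.keys[user] = key
        return key

    def process(self, request: dict) -> str:
        key = self.keys.get(request["from"])
        if key is None:
            return "rejected: unknown user"
        if not hmac.compare_digest(_tag(key, request), request["tag"]):
            return "rejected: bad tag"      # tampered or fabricated request
        if self.freshness_check:
            if request["nonce"] in self.seen_nonces:
                return "rejected: replay"   # this exact request was seen before
            self.seen_nonces.add(request["nonce"])
        self.ledger.append((request["from"], request["to"], request["amount"]))
        return "accepted"

def _tag(key: bytes, request: dict) -> str:
    """HMAC over the canonical request fields, nonce included, so the nonce
    cannot be swapped without invalidating the tag."""
    body = json.dumps({k: request[k] for k in ("from", "to", "amount", "nonce")},
                      sort_keys=True).encode("utf-8")
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def make_request(key: bytes, sender: str, receiver: str, amount: int) -> dict:
    request = {"from": sender, "to": receiver, "amount": amount,
               "nonce": secrets.token_hex(16)}
    request["tag"] = _tag(key, request)
    return request

def scenario(freshness_check: bool) -> tuple:
    """Returns (first outcome, replayed outcome, number of transfers booked)."""
    bank = Bank(freshness_check)
    key_a = bank.register("A")
    request = make_request(key_a, "A", "C", 100)  # A's genuine transfer to C
    first = bank.process(request)
    captured = dict(request)                       # C captures the message on the wire
    second = bank.process(captured)                # ... and resends it unchanged
    return first, second, len(bank.ledger)

if __name__ == "__main__":
    print(scenario(freshness_check=False))  # ('accepted', 'accepted', 2)
    print(scenario(freshness_check=True))   # ('accepted', 'rejected: replay', 1)
```

Note that the tag alone does not stop the replay: the captured message is genuine and its tag verifies perfectly. Only the freshness check (a nonce, or equivalently a sequence number or timestamp window) lets the bank tell a second delivery of an old request from a new one.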
TCP/IP Hacking
Lecture 10

• TCP/IP hacking, or hijacking, is the process of taking control of an already existing session between a client and a server.
• The main benefit to an attacker of hijacking over attempting to enter a computer system or network is that the attacker doesn’t have to defeat any authentication mechanisms, since the user has already authenticated and established the session.
• When the user has completed the authentication sequence, the attacker can then take over the session and carry on as if the attacker, and not the user, had authenticated with the system.
• To prevent the user from noticing anything unusual, the attacker may decide to attack the user’s system and perform a denial-of-service attack on it, so that the user and the system will not notice the extra traffic that is taking place.
Encryption Attack

• Encryption is the process of transforming plaintext into an unreadable format known as ciphertext using a specific technique or algorithm.
• Most encryption techniques use some form of key in the encryption process. One key is used in a mathematical process to jumble the original message into unreadable ciphertext, and the other key is used to decrypt the ciphertext to recreate the original plaintext.
• The length of the key often directly relates to the strength of the encryption.
• Cryptography is the art and science of writing secret messages.
• Cryptanalysis is the process of attempting to break a cryptographic system.
Malware
Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
Logic bomb:
• These are also a type of malicious software that is deliberately installed, generally by an authorized user.
• A code bomb is code embedded in some legitimate program that is set to “explode” when a certain condition occurs.
• If the event is, for example, not finding a specific name in the personnel file, the code is referred to as a logic bomb.
• If the event is a particular date or time, the program is often referred to as a time bomb. They are difficult to detect.
Questions
• What is computer security? [w-8, s-10, w-12]
• Explain the need for security. [s-12, w-14]
• State the goals of computer security. [s-13]
• List and describe the basic components of computer security. [s-10, w-12]
• State and describe the principles of security. [s-11]
• Describe the three functions of computer security. [w-08]
• Describe the key principles of security. [s-9, w-10, w-11, w-13]
• What are threats to security? [s-12]
• What is a virus? Explain the different phases of the virus life cycle. [w-13, s-13, w-14]
• What is a worm? Give the significant differences between a virus and a worm. [s-11]
• List and explain the types of virus. [w-10, s-13]
• Compare intruders and insiders. [-09, s-13, w-14]
• List different types of attack. Describe any one in brief. [w-10, w-13, s-13]
• Explain active and passive attacks. [s-12]
• Explain denial of service attack with an example. [w-9, s-12, s-13, w-13]
• With a neat sketch (diagram), explain the SYN flooding attack. [w-08, w-14]
• Describe sniffing with an example. [s-10, w-11, s-11, w-12, w-13]
• Describe spoofing with a suitable example. [s-10, w-11, s-11, w-12, w-13]
• Explain the man-in-the-middle attack. [s-12, w-14]
• Explain the replay attack with the help of a diagram. [s-11, w-11, w-14]
• What is a logic bomb? [s-13]