Chapter 1 (22M) Introduction to computer security and security trends
Computer Security
• Computer security is designed to protect your computer and everything associated with it: the workstations and printers, cabling, disks and other storage media. Most importantly, computer security protects the information stored in your system.
• Computer security deals with the prevention and detection of unauthorized actions by users of a computer system.
• It involves security measures such as data encryption, passwords, antivirus software, firewalls etc.
Need / Model / CIA model of Security
• The need for computer security has been threefold: confidentiality, integrity, and availability, the "CIA" of security.
1. Confidentiality
2. Integrity
3. Availability/Authentication
1. Confidentiality:
• The principle of confidentiality specifies that only the sender and the intended recipients should be able to access the contents of a message.
• Confidentiality is compromised if an unauthorized person is able to access the contents of a message.
• An example of compromising the confidentiality of a message is shown in the figure.
• Here, the user of computer A sends a message to the user of computer B. Another user, C, gets access to this message, which is not desired and therefore defeats the purpose of confidentiality. This type of attack is also called interception.
2. Integrity:
• When the contents of the message are changed after the sender sends it, but before it reaches the intended recipient, we say that the integrity of the message is lost.
• For example, here user C tampers with a message originally sent by user A, which is actually destined for user B. User C somehow manages to access it, change its contents and send the changed message to user B. User B has no way of knowing that the contents of the message were changed after user A had sent it. User A also does not know about this change. This type of attack is called modification.
3. Availability/Authentication
• Authentication helps to establish proof of identities. The authentication process ensures that the origin of a message is correctly identified.
• For example, suppose that user C sends a message over the internet to user B. However, the trouble is that user C posed as user A when sending the message to user B. How would user B know that the message has actually come from user C, who is posing as user A? This concept is shown in the figure below. This type of attack is called fabrication.
Key Principles of Security
• Confidentiality
• Integrity
• Availability
• Authentication
• Non-repudiation
• Access Control
Authentication
• It determines the identity of a user or other entity.
• Authentication methods are as follows:
• Password Based Authentication (something the user knows)
• Device Based Authentication (something the user has)
• Biometric Authentication (something about the user)
1. Password Based Authentication (something the user knows)
• It requires the user to know something, such as a user ID and password.
• For example, to log on to a computer or network you enter a user account name and the password assigned to that account. This password is checked against a database that contains all authorized users and their passwords.
• Advantages:
• Easy to implement
• Requires no special equipment
• Disadvantages:
• Easy to forget
• Easily copied
• It is vulnerable to a password "cracker"
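A worked version of the password check the slide describes, as an added example that is not part of the original slides. The user database and passwords are constructed; the database stores a random salt and a PBKDF2 hash rather than the password itself, so a copied database ("Easily copied") does not give away the passwords, and the comparison is constant-time.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor; a higher value slows down a password "cracker"

def make_record(password):
    """Store a random per-user salt plus PBKDF2-HMAC-SHA256 of the password, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}

# Constructed user database: the "database that contains all authorized users" from the slide.
USERS = {
    "alice": make_record("correct horse battery staple"),
    "bob": make_record("hunter2"),
}

# Fixed dummy salt so an unknown username still costs one PBKDF2 computation (no timing leak
# that would tell a caller which account names exist).
_DUMMY_SALT = b"\0" * 16

def login(username, password, users=USERS):
    """Password-based authentication: True only if the user exists and the password matches."""
    record = users.get(username)
    salt = record["salt"] if record else _DUMMY_SALT
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    if record is None:
        return False
    # Constant-time comparison: byte-by-byte timing reveals nothing about the stored hash.
    return hmac.compare_digest(candidate, record["hash"])
```

Because each record carries its own random salt, two users with the same password still get different stored hashes, so one cracked hash does not reveal the other.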
2. Device Based Authentication (something the user has)
• It requires the user to possess some item such as a key, magnetic strip card, smart card etc.
• Advantages:
• It is difficult to copy
• The user can't forget a password
• Disadvantages:
• Easy target for theft
• The user has to carry it every time
3. Biometric Authentication (something about the user)
• It identifies some physical characteristic of the user that can't be separated from their body, such as voice, fingerprint, retina etc.
• Advantages:
• Users don't need to carry anything
• Users don't need to remember passwords
• Disadvantages:
• Complex implementation
• High cost
Availability:
• It ensures that the data or the system itself is available to the user when the user wants it.
Non-repudiation:
• It is a way to guarantee that the sender of a message can't later deny having sent the message and that the receiver can't deny having received the message.
Access Control:
• It gives an organization the ability to control, restrict, monitor and protect resource availability, integrity and confidentiality.
Working of Network Security Model
• Sender: it sends a message over the network in encrypted format.
• Trusted 3rd party: it provides the encryption key to the sender.
• Information channel: the message is transferred through the information channel.
• Opponent: it intercepts the secret message to capture information, but this is useless because the message is in encrypted format and so is not readable by the opponent.
• Trusted 3rd party: it provides the key to the receiver for decryption of the message.
• Recipient: when the receiver receives the key, the original message is displayed or read by the receiver.
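The interception, modification and fabrication scenarios from the CIA slides, played out over the network security model above, as an added example that is not part of the original slides. It assumes the trusted third party has already delivered the same shared key to A and B (key and message below are constructed); the stream cipher built from SHAKE-256 is illustrative only, and the HMAC tag is what lets B detect C's tampering or forgery.

```python
import hashlib
import hmac
import os

# Constructed key: assumed already delivered to both A and B by the trusted third party.
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff"
                           "ffeeddccbbaa99887766554433221100")
NONCE_LEN, TAG_LEN = 16, 32

def keystream(key, nonce, length):
    # Keystream derived from SHAKE-256 (an extendable-output hash); illustrative only.
    return hashlib.shake_256(key + nonce).digest(length)

def seal(key, plaintext):
    """Sender A: encrypt, then authenticate nonce+ciphertext. Returns nonce||ciphertext||tag."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def open_sealed(key, packet):
    """Recipient B: check the tag first; only then decrypt. None means reject."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # modified in transit, or fabricated without the shared key
    return bytes(c ^ k for c, k in zip(ciphertext, keystream(key, nonce, len(ciphertext))))

def interception(packet):
    """Opponent C reads the channel: gets only ciphertext bytes, not the message."""
    return packet[NONCE_LEN:-TAG_LEN]

def modification(packet):
    """Opponent C flips one bit of the ciphertext before it reaches B."""
    tampered = bytearray(packet)
    tampered[NONCE_LEN] ^= 0x01
    return bytes(tampered)

def fabrication(message):
    """Opponent C builds a packet posing as A, but does not hold the shared key."""
    return seal(hashlib.sha256(b"guess").digest(), message)

def run_scenarios(message=b"Transfer 100 to account 42"):
    """What B ends up with in each of the slides' three scenarios."""
    packet = seal(SHARED_KEY, message)
    return {
        "honest": open_sealed(SHARED_KEY, packet),                      # original message
        "interception": interception(packet) == message,                # False: unreadable
        "modification": open_sealed(SHARED_KEY, modification(packet)),  # None: rejected
        "fabrication": open_sealed(SHARED_KEY, fabrication(message)),   # None: rejected
    }
```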
Threats to Security
• Virus
• Worms
• Intruder
• Insiders
• Criminal Organizations
• Terrorists
• Information Warfare
What is a Virus?
• A computer virus is a software program written with malicious intentions.
• A computer virus is a harmful software program written intentionally to enter a computer without the user's permission or knowledge.
• It has the ability to replicate itself, thus continuing to spread.
Phases (Life Cycle) of a Virus
1) Dormant Phase: here the virus remains idle and gets activated by a certain action or event (for example, a user pressing a key, or a certain date and time).
2) Propagation Phase: the virus starts propagating, that is, multiplying itself. A piece of code copies itself and each copy starts making more copies of itself, thus propagating.
Phases (Life Cycle) of a Virus (continued)
3) Triggering Phase: a dormant virus moves into this phase when it gets activated, that is, when the event it was waiting for occurs.
4) Execution Phase: the function of the virus is performed. It can be destructive (deleting files on disk) or harmless (popping up messages on screen).
Types of Computer Viruses
• Parasitic viruses
• Memory Resident virus
• Non-Resident virus
• Boot Sector virus
• Overwriting virus
• Stealth virus
• Macro virus
• Polymorphic virus
• Email viruses
• Metamorphic virus
Parasitic viruses
• A parasitic virus attaches itself to a file in order to propagate.
• .COM and .EXE files are the easiest to infect, as they are simply loaded directly into memory and execution always starts at the first instruction.
Memory Resident Virus
• These viruses lodge themselves in the computer's memory, get activated whenever the OS runs, and infect all the files that are then opened.
• This type of virus hides in RAM and stays there even after the malicious code has executed.
Non-Resident virus
• A non-resident computer virus is a virus that does not stay in the memory of the computer that is impacted.
• Rather, the virus is housed in an executable file that infects the computer each time it is accessed and run.
Boot Sector Virus
• This type of virus affects the boot sector of a hard disk.
• It hides in memory until DOS accesses the floppy disk, and whichever boot data is accessed, the virus infects it.
Overwrite Viruses
• The virus replaces the file's content. However, it does not change the file size.
Stealth virus
• A stealth virus is complex malware that hides itself after infecting a computer.
• Stealth viruses hide in files, partitions and boot sectors.
• It uses various mechanisms to avoid detection by antivirus software.
Macro Virus
• Macro viruses infect files that are created using applications or programs that support macros, like .doc, .xls, .pps, .mdb, etc.
• These are not executable viruses.
• They hide in documents that are shared via e-mail or networks.
• Examples: Relax, Melissa.A, Bablas, O97M/Y2K
Polymorphic Virus
• Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system.
• This makes it impossible for antivirus software to find them by a fixed signature.
Companion Viruses
• This is a virus which creates a new program instead of modifying an existing file.
• These generally use the same filename with a different extension.
• For example: if there is a file "Me.exe", the virus creates another file named "Me.com" and hides in the new file. When the system is asked to run "Me", the ".com" file gets executed (as ".com" has higher priority than ".exe"), thus infecting the system.
Email viruses
• An e-mail virus is computer code sent to you as an e-mail attachment which, if activated, will cause some unexpected and usually harmful effect, such as destroying certain files on your hard disk and causing the attachment to be re-mailed to everyone in your address book.
Metamorphic virus
• This type of virus rewrites itself every time it propagates.
• It may change its behavior as well as its appearance.
Computer Anti-Virus
• Antivirus software is a computer program that detects, prevents, and takes action to disarm or remove malicious software programs, such as viruses and worms.
• There are several types of antivirus software.
Worms
• Definition: a piece of code that automatically reproduces itself over the network. It doesn't need user intervention to propagate (it is autonomous).
• Infection: via buffer overflows, file sharing, configuration errors and other vulnerabilities.
Intruder
• An intruder is a person who enters territory that does not belong to that person.
• Intruders are said to be of three types, as below:
• Masquerader
• Misfeasor
• Clandestine user
1. Masquerader:
• A user who does not have the authority to use a computer, but penetrates the system to access a legitimate user's account, is called a masquerader.
• It is generally an external user.
• It pretends to be someone it is not.
2. Misfeasor: there are two possible cases for an internal user to be called a misfeasor:
i) A legitimate user who does not have access to some applications, data or resources accesses them.
ii) A legitimate user who has access to some applications, data or resources misuses these privileges.
3. Clandestine user:
• An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls, or to suppress audit collection.
• An internal or external user who tries to work using the privileges of a supervisor user, to avoid auditing information being captured and recorded, is called a clandestine user.
• It can be an insider or an outsider.
Insiders
• Insiders are authorized users who try to access a system or network (or parts of it) for which they are not authorized.
• Insiders are legitimate users.
• They have easy access to the system because they are authorized users.
Why are insiders more dangerous than intruders?
• They are more dangerous than intruders because they have knowledge of the security systems, and so are better able to avoid detection.
• They have easy access to the system because they are authorized users.
• There is no security mechanism to protect the system from insiders.
• Insiders have the access and the necessary knowledge to cause immediate damage to an organization.
• So they have all the access needed to carry out criminal activity such as fraud.
Risk and Threat Analysis:
• Assets
• Vulnerability
• Threats
• Countermeasures
Risks = Assets * Vulnerability * Threats
Asset:
• Assets are all the hardware and software components, such as the CPU, cables, RAM etc.
Vulnerability:
• It is a weakness in the system.
• It is a point where a system is susceptible to attack.
• Vulnerabilities can be exploited to cause harm or damage.
Threat:
• It is a set of circumstances that has the potential to cause loss or harm.
• It is a possible danger to the system.
• The danger might be a person (a system cracker or a spy), a thing (a faulty piece of equipment), or an event (a fire or a flood) that might exploit a vulnerability of the system.
Countermeasures:
• These are actions, devices, procedures or techniques for protecting your system.
Example:
• Threat: the bridge may collapse.
• Vulnerability: a crack in the cement.
• Control (countermeasure): repair the cracks in the cement.
(Figure: vulnerability exploited)