Wednesday, 8 July 2020

Unit-8 : Computer Security (Notes of TU BSc. 4th Year Computer Science)

Computer Security

Syllabus : Introduction; Security threat and security attack; Malicious software; Hacking; Cryptography (symmetric key and public key); Introduction to Firewall; Users identification and Authentication; Security awareness; Security policy; Antivirus and Antispyware.  



Computer security is about securing a computer system (desktop or laptop) or a host. It means keeping the computer free of danger and free of viruses, for example by using anti-virus software.
We need computer security because:
  • It maintains confidentiality, availability, and integrity of data.
  • It prevents electronic mail from getting hacked and from unauthorized access.
  • It protects easy passwords and PINs from being cracked.
  • It eradicates vulnerabilities in the system or data. 

Security Threats

A security threat is a possible danger that might exploit vulnerabilities in a computer system to breach security and thus cause possible harm. Simply put, a security threat is the interaction of actor, motivation and vulnerability.
A threat is something that may or may not happen but has the potential to cause serious damage. A threat can be either intentional or accidental. Intentional threats are normally due to intelligent persons such as crackers, hackers or criminal organizations. On the other hand, accidental threats are due to malfunctioning of computer users. A threat can cause damage through unauthorized access, destruction, disclosure, modification of data or denial of service.
The four types of security threats are:
  1. Interception : It refers to the situation in which an unauthorized party has gained access to a service or data. Example : communication between two parties has been overheard by someone else.
  2. Interruption : It refers to the situation in which services or data become unavailable, unusable, destroyed and so on.
  3. Modification : It involves unauthorized changing of data or tampering with a service so that it no longer adheres to its original specifications.
  4. Fabrication : It refers to the situation in which additional data or activities are generated that would normally not exist.

Security Attack

Security attack is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access.
Intruders first analyze our environment and collect information in order to exploit vulnerabilities, and then perform the desired type of attack on our computer system.
Our networks and data are vulnerable to any of the following types of attacks:
  1. Passive attacks : An attack that attempts to learn or make use of information from the system but does not affect system resources is called a passive attack. It results in the disclosure of information or data files to the attacker without the consent or knowledge of the user.
  2. Active attacks : An attack that attempts to alter system resources or affect their operation is called an active attack. It results in the disclosure of data files or modification of data.
  3. Insider attacks : An attack initiated by an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization is called an insider attack.
  4. Outsider attacks : An attack initiated by an unauthorized or illegitimate user of the system is called an outsider attack.

Malicious Software

Malicious software (commonly known as Malware) is any software that brings harm to a computer system. It can be used to disrupt computer operation, gather sensitive information or gain access to private computer systems.
Malicious software can be in the form of worms, viruses, trojans, etc. which steal protected data, delete documents or add software not approved by users.

Worms:
This type of malware uses network resources for spreading. It is called a worm because of its peculiar ability to creep from computer to computer using networks, mail and other information channels. Worms intrude into our computer, calculate the network addresses of other computers and send copies of themselves to these addresses.
The biggest danger with a worm is its capability to replicate itself on your system, so it could send out hundreds or thousands of copies of itself, creating a huge devastating effect.
Due to the copying nature of a worm and its capability to travel across networks, the end result in most cases is that the worm consumes too much system memory, causing web servers, network servers and individual computers to stop responding.
Father Christmas is an example of a worm. It was distributed in 1987 and was designed for IBM networks.

Virus:
A computer virus is a program that inserts itself into one or more files and then performs some (possibly null) action. It works in two phases.
1st - the virus inserts itself into a file; this is called the insertion phase.
2nd - it performs some action; this is called the execution phase.
It is important to note that a virus cannot be spread without human action.
The Brain virus, written for IBM PCs, is an example of this category.

Trojan horse:
Trojan horses are files that claim to be something desirable but are, in fact, malicious code or logic.
A trojan horse will at first glance appear to be useful software but will actually do damage once installed or run on your computer.
Trojans are also known to create a backdoor on your computer that gives malicious users access to your system.
A program named “waterfall.scr” serves as a simple example of a trojan horse.

Hacking

It is the practice of modifying the features of a system in order to accomplish a goal outside of the creator’s original purpose.
A hacker is someone who seeks and exploits weaknesses in a computer system or computer network.
Hackers may be motivated by a multitude of reasons such as profit, protest, challenge, enjoyment or evaluating those weaknesses to assist in removing them.
Hacking can be either ethical (by those who don’t violate a system’s security and credentials) or unethical (by crackers).

Categories of Hackers:
  1. Black hats : The type of hackers that violate computer security for personal gain such as stealing credit card numbers or harvesting personal data for sale to identity thieves, etc.
  2. White hats : They are the opposite of black hat hackers. They are ethical hackers, experts in compromising computer security systems who use their abilities for good, ethical and legal purposes rather than bad, unethical and criminal purposes.
  3. Grey hats : They fall between black and white. They don’t work for their personal gain but they may technically commit crimes.

Cryptography

Cryptography is the art and science of making a cryptosystem that is capable of providing information security. Cryptography deals with the actual securing of digital data. It refers to the design of mechanisms based on mathematical algorithms that provide fundamental information security services.

It is the science of providing security for information. It has been used historically as a means of providing secure communication between individuals, government agencies and military forces.
Today cryptography is a cornerstone of the modern security technologies used to protect information and resources on both open and closed networks.
The word cryptography means “secret writing” and is the art and science of information hiding. In ancient days, it was mostly referred to as encryption (readable plain text to unreadable) and decryption.

Types of cryptography:
| Secret/Symmetric Key | Public Key |
|---|---|
| The same key is used for encryption and decryption. The key must be kept secret. | Different keys are used. The key used for encryption is called the public key and the key used for decryption is called the private key. |
| The encryption and decryption process is faster than with public key. | Slower. |
| It cannot be used for purposes other than achieving confidentiality. | Can also be used in digital signatures and authentication systems. |
| Secrecy of the system depends entirely upon the shared secret key. So if the key is lost, the whole system will fail. | Relatively more secure than secret (private) key cryptography. |
| Useful in systems where it is possible to share the secret key by meeting. | Useful when the communicating parties are at distant locations and it is difficult to share a secret key. |
| It is feasible when the number of users involved in communication is small. | Also feasible when the number of users involved in communication is large. |
| Examples : Caesar cipher, transposition cipher, etc. | Examples : RSA algorithm, ElGamal, etc. |
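
The comparison above can be seen with the two named examples, the Caesar cipher and RSA. The following is an added illustration, not part of the original notes; the message, the primes 61 and 53, and the exponent 17 are constructed so the numbers stay readable, and neither toy is safe for real data.

```python
# Added teaching example: toy ciphers only, never use them to protect real data.
import string

ALPHABET = string.ascii_uppercase

def caesar(text, key, decrypt=False):
    """Symmetric key: the same secret shift both encrypts and decrypts."""
    shift = -key if decrypt else key
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch
        for ch in text.upper()
    )

def rsa_keypair(p, q, e):
    """Public key: (e, n) is published, (d, n) stays private."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi), Python 3.8+
    return (e, n), (d, n)

def rsa_apply(number, key):
    """Modular exponentiation used for encrypt, decrypt, sign and verify."""
    exponent, n = key
    return pow(number, exponent, n)

def demo():
    # Symmetric: both parties must already share the key 3.
    secret = caesar("MEET AT NOON", 3)
    plain = caesar(secret, 3, decrypt=True)

    # Public key: tiny constructed primes so the numbers stay readable.
    public, private = rsa_keypair(61, 53, 17)
    cipher = rsa_apply(65, public)           # anyone can encrypt with the public key
    recovered = rsa_apply(cipher, private)   # only the private key decrypts

    # Digital signature: the private key signs, the public key verifies.
    signature = rsa_apply(65, private)
    verified = rsa_apply(signature, public) == 65
    return secret, plain, cipher, recovered, verified

if __name__ == "__main__":
    print(demo())
```
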

Firewall

A firewall is a system designed to prevent unauthorized access to or from a private network. It can be implemented in hardware, in software or as a combination of both.
Hardware firewalls can be purchased as a stand-alone product but are also typically found in routers and should be considered an important part of system and network set-up. Software firewalls are installed on your computer.
There are several types of firewall techniques that will prevent potentially harmful information from getting through.
  1. Packet Filter : It is typically set up as a list of rules based on matches to fields in the IP or TCP header. Packet filters are usually part of a router.
  2. Application Gateway : It applies security mechanisms to specific applications such as FTP and Telnet servers. It is also called an application proxy or application level proxy.
  3. Circuit Level Gateway : It works at the session layer of the OSI model or the transport layer of the TCP/IP protocol suite. The information that is passed to a remote computer through a circuit level gateway will appear as if it originated from the gateway.
  4. Stateful Inspection Firewall : It keeps track of the state of network connections and is able to hold significant attributes of each connection in memory.
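
The difference between the packet filter (item 1) and the stateful inspection firewall (item 4) shows up when a reply packet arrives. The following is an added illustration, not part of the original notes; the rule list, the addresses (documentation ranges) and the class names are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

# Constructed rule list: (action, source network, protocol, destination port).
RULES = [
    ("allow", "192.168.1.0/24", "tcp", 443),  # inside hosts may open HTTPS
    ("deny", "0.0.0.0/0", "tcp", 23),         # Telnet is blocked for everyone
]

def packet_filter(pkt, rules=RULES, default="deny"):
    """Stateless filter: the first rule whose header fields match decides."""
    for action, network, proto, dport in rules:
        if (ip_address(pkt.src) in ip_network(network)
                and pkt.proto == proto and pkt.dport == dport):
            return action
    return default

class StatefulFirewall:
    """Remembers allowed connections so that their replies can pass."""
    def __init__(self, rules=RULES):
        self.rules = rules
        self.connections = set()  # (src, sport, dst, dport, proto)

    def check(self, pkt):
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reply_of in self.connections:
            return "allow"        # belongs to a tracked connection
        verdict = packet_filter(pkt, self.rules)
        if verdict == "allow":
            self.connections.add(
                (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
        return verdict

def demo():
    out = Packet("192.168.1.10", 50000, "203.0.113.5", 443)
    reply = Packet("203.0.113.5", 443, "192.168.1.10", 50000)
    stray = Packet("203.0.113.9", 443, "192.168.1.10", 50000)
    fw = StatefulFirewall()
    return [packet_filter(out), packet_filter(reply),
            fw.check(out), fw.check(reply), fw.check(stray)]
```

The stateless filter drops the legitimate reply because no rule names it, while the stateful firewall lets it through and still drops the unsolicited packet from another host.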

Basic purpose of firewall:
  • It blocks incoming data that might contain a hacker attack.
  • It hides information about the network by making it seem that all outgoing traffic originates from the firewall rather than the network. This is called Network Address Translation (NAT).
  • It screens outgoing traffic to limit internet use and/or access to remote sites.

User Identification and Authentication

It is the process of determining and proving user identity. The process of authentication is often considered to consist of two distinct phases : identification and authentication.
Identification occurs when a user claims an identity. Authentication is the process of proving an identity, and it occurs when a subject provides appropriate credentials or evidence to prove their identity.
There are typically three components involved in the process of user authentication. They are:
  1. Supplicant : The party in the authentication process that will provide its identity and evidence for it, and as a result will be authenticated.
  2. Authenticator : It is the server that is responsible for verifying authenticity of users based on the evidence provided by him/her.
  3. Authentication Database : It is the database that stores the identity and other attributes that the user possesses. The user needs to provide these attributes to prove his/her identity.

Methods of Authentication
1) Password based authentication:
Passwords are an example of an authentication mechanism based on what people know. The user supplies a password and the computer validates it.
A password is information associated with an entity that confirms the entity’s identity. It can be a sequence of characters and digits or a sequence of words such as a phrase. Passwords can be stored in many ways, such as in plain text form, in encrypted form or in the form of a hash value of the password.

2) Smart card based authentication:
A smart card is a small plastic card, about the size of a credit card, containing an embedded microchip that can be programmed to store specific user authentication information.
Smart cards help to eliminate the threats of hackers stealing stored or transmitted information from a computer. The information is processed on the smart card, so the authentication information is never transmitted to another machine.

3) Biometric based authentication:
It is a type of system that relies on the unique physiological or behavioral characteristics of individuals to verify them for secure access to electronic systems.
Some of the widely used physiological or behavioral characteristics are faces, fingerprints, voices, DNA structure, etc. Among all of these, biometrics is the most secure and convenient authentication tool. It can’t be borrowed, stolen or forgotten, but its demerits are that it is slow, intrusive and expensive.
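
For the password-based method and the three components listed earlier (supplicant, authenticator, authentication database), here is an added sketch, not part of the original notes, of storing passwords as hash values instead of plain text. The choice of PBKDF2-HMAC-SHA256, the iteration count and all names are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def hash_password(password, salt):
    """Slow, salted hash (PBKDF2-HMAC-SHA256) of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class Authenticator:
    """Verifies supplicants against the authentication database."""
    def __init__(self):
        self.database = {}  # identity -> (salt, hash); no plain text is stored

    def register(self, identity, password):
        salt = os.urandom(16)  # fresh random salt for every user
        self.database[identity] = (salt, hash_password(password, salt))

    def authenticate(self, identity, password):
        record = self.database.get(identity)
        if record is None:
            hash_password(password, b"\x00" * 16)  # same work for unknown users
            return False
        salt, stored = record
        # Constant-time comparison of the stored and the recomputed hash.
        return hmac.compare_digest(stored, hash_password(password, salt))

def demo():
    auth = Authenticator()
    auth.register("alice", "correct horse battery staple")
    auth.register("bob", "correct horse battery staple")
    return {
        "alice_ok": auth.authenticate("alice", "correct horse battery staple"),
        "alice_wrong": auth.authenticate("alice", "guess"),
        "unknown": auth.authenticate("mallory", "guess"),
        # Same password, different salts: the stored hashes differ.
        "hashes_differ": auth.database["alice"][1] != auth.database["bob"][1],
    }

if __name__ == "__main__":
    print(demo())
```
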

Security Awareness

Security awareness is about educating employees about corporate security policies and procedures for working with information technology. Employees should receive information about who to contact if they discover a security threat and be taught that data is a valuable corporate asset.
By educating employees, suppliers, partners and customers, we can reduce the chances of security threats and ensure that all staff can properly handle an incident if it occurs.

Security Policy

A security policy is a statement of what is and is not allowed in a system, while a security mechanism is a procedure for implementing the security policy. Policies may be presented mathematically, as a list of allowed (secure) and disallowed (non-secure) states.

Formulating security policy:
It depends upon the needs of the particular organization. The main purpose of a security policy is to secure organizational resources. The following steps are followed while formulating a security policy.
  • Analysis of existing security policy
  • Identification of resources that need to be secured
  • Identification of possible security threats and attacks
  • Formulation of possible security policies
  • Evaluation of alternatives
  • Selecting the best among alternatives


Antivirus and Anti-spyware

Anti-virus programs scan for viruses and related malware by examining the files on the system for patterns of data that have been identified as being viruses. The database of patterns the programs use is updated on a regular basis to contain the latest information on known viruses.
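
The pattern matching and the effect of a database update can be shown in a few lines. The following is an added illustration, not part of the original notes and not how any particular product works; the signature names and byte patterns are constructed and harmless, and the sample files are written to a temporary directory.

```python
import os
import tempfile

# Constructed, harmless byte patterns standing in for real virus signatures.
SIGNATURES_OLD = {"Demo.Alpha": b"\xde\xad\xbe\xef\x01"}
SIGNATURES_NEW = {**SIGNATURES_OLD, "Demo.Beta": b"HARMLESS-TEST-PATTERN"}

def scan_file(path, signatures, chunk_size=4096):
    """Return the names of all signatures whose pattern occurs in the file."""
    if not signatures:
        return []
    # Keep the tail of each chunk so patterns split across reads are found.
    overlap = max(len(p) for p in signatures.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as handle:
        while chunk := handle.read(chunk_size):
            window = tail + chunk
            found.update(n for n, p in signatures.items() if p in window)
            tail = window[-overlap:] if overlap else b""
    return sorted(found)

def scan_directory(root, signatures, chunk_size=4096):
    """Scan every file under root; return {relative path: [signature names]}."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            hits = scan_file(path, signatures, chunk_size)
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report

def demo():
    samples = {
        "notes.txt": b"plain lecture notes",
        "alpha.bin": b"A" * 6 + SIGNATURES_OLD["Demo.Alpha"] + b"B" * 6,
        "beta.bin": b"header" + SIGNATURES_NEW["Demo.Beta"],
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        before = scan_directory(root, SIGNATURES_OLD, chunk_size=8)
        after = scan_directory(root, SIGNATURES_NEW, chunk_size=8)
    return before, after
```

With the old database only `alpha.bin` is flagged; after the update `beta.bin` is flagged as well, which is why the pattern database has to be kept current.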

Anti-spyware programs monitor the system as someone uses it for actions that are known to be spyware-related. For example, an anti-spyware program might trap attempts to change the browser home page, or attempts to install software that starts automatically.


Anti malware applications

It is a type of software program designed to prevent, detect and remediate malware infections on individual computing devices and IT systems. The terms antivirus software and anti-malware software are often used as synonyms. It protects against infection caused by many types of malware, including viruses, worms, trojan horses, etc.
