Unit 1

INTRODUCTION TO THE CONCEPTS OF SECURITY

Prepared By:
Dr. Somya Dubey
• Introduction: the need for security
• Security approaches
• Principles of security
• Types of attacks
• Cryptographic techniques
• Encryption and decryption
• Possible types of attacks
The NIST Computer Security Handbook defines the term computer security as follows:

“Computer Security: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).”

A second common definition:

“The protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.”
There are four main types of IT security that are important to understand. IT security is the process of protecting all data of a particular entity, both electronic and physical.

• Network security: the security between different devices located on the same network. In this case, both software security and hardware security are important. When securing a network, companies look to make sure that their network won’t be used maliciously.
• End-point security: here security is focused on the devices used. This means that laptops, phones, computers, tablets, etc. are secured (again, both software and hardware) to stop unwanted users sneaking in. This often involves various methods of encryption, user controls, and of course software security.
• Internet security: this is what is commonly known as cybersecurity and deals with the transit and use of information. Cybersecurity attacks happen when information is intercepted, so various layers of encryption and authentication are typically used to stop these attacks.
• Cloud security: cloud security revolves around lowering software security risks within the cloud. Some of the concepts in cloud security overlap with the other forms of security listed here, in having to secure data transfers and devices on the same network.
Challenges in security:
1. Use of computers connected to the internet
2. Software tools are available freely
3. Importance of information
4. Lack of awareness, ignorance or hesitation

PROTECTION
Protection against unauthorized access, whether intentional or unintentional.
1. Physical security: access control to physical devices, e.g. pen drives, hard drives, CD/DVDs, computers.
2. Private security: of an individual or group.
3. Project security: security of design, code and operation.
• Information: computers, networks, Internet, mobile.
• Security: trying to understand how to protect it.
• The various dangers and pitfalls when we use technology.
• The consequences of not setting up the right:
◦ Security policies
◦ Security framework
◦ Security technology
• Business and different types of transactions are being conducted to a large extent over the Internet.
• An inadequate or improper security mechanism can bring a whole business down or play havoc with people’s lives!
• Electronic documents and messages are now becoming equivalent to proper documents in terms of their legal validity and binding force.
• Businesses collect massive amounts of data about their customers, employees, and competitors.
• Most of this data is stored on computers and mobiles and transmitted across networks.
• If this information should fall into the hands of a competitor, the result could be loss of business, lawsuits and bankruptcy.
• Protecting corporate data is no longer an option, it is a requirement.
• Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Background
• Throughout history, confidentiality of information has always played a key role in military conflict.
• In the past there was little or no security.
• Nowadays the importance of data, especially financial and personal data, is truly realized.
• Therefore various areas of security began to gain prominence.
• Typical examples of basic security mechanisms:
◦ Authenticate a user: user id and password.
◦ Encode data in the database so that it is not visible to users who do not have the right permission.
• Organizations employed their own mechanisms.
• The Internet took the world by storm.
• Technology improved.
• Communication infrastructure became extremely mature.
• Newer and newer applications began to be developed for various user demands and needs.
• Soon people realized that basic security measures were not quite enough.
• Recent events show that commercial, personal and sensitive information is very hard to keep secure.
• As breaches in information security continue to make headline news, it is becoming increasingly clear that technological solutions are not the only answer.
• Research conducted in 2007 suggests that at least 80% of data leakages are caused by staff rather than IT systems (source: Financial Times/Forrester Research, Nov-07).
• It is clear therefore that information security should be viewed as a management function rather than one of IT alone.
• A Russian attacker, Maxim, actually managed to intrude into a merchant’s Internet site and obtained 300,000 credit card numbers from its database.
• He then attempted extortion by demanding protection money ($100,000) from the merchant.
• The merchant refused to oblige.
• Following this, the attacker published about 25,000 of the credit card numbers on the Internet!
• Some banks reissued all the credit cards at a cost of $20 per card, and others forewarned their customers about unusual entries in their statements.
• 2023 Q1 saw half as many data breaches as 2022 Q4.
• 2023 Q1 saw a 48.5% decrease in breached accounts.
• 41.6M accounts were leaked in total, with 5 accounts being leaked every second.
• 49% fewer breached accounts globally in 2023 Q1 compared to 2022 Q4.
• 1 in 6 accounts breached in 2023 Q1 were of Russian origin.
Rank in the world by number of breached accounts:
1. Russia: 6,626,327
2. The U.S.: 5,030,058
3. Taiwan: 3,996,082
4. France: 3,161,119
5. Spain: 3,118,639
• Cyber attacks were rated the fifth top risk in 2020 and have become the new norm across public and private sectors.
• The World Economic Forum’s 2020 Global Risk Report states that the rate of detection (or prosecution) is as low as 0.05 percent in the U.S.
• Cybercrime, which includes everything from theft or embezzlement to data hacking and destruction, is up 600% as a result of the COVID-19 pandemic.
• Cybercrime will cost companies worldwide an estimated $10.5 trillion annually by 2025, up from $3 trillion in 2015, a growth rate of 15 percent year over year. Cybersecurity Ventures also reports that cybercrime represents the greatest transfer of economic wealth in history.
Long-tail cost of cyber attacks
• The long-tail costs of a data breach can extend for months to years and include significant expenses that companies are not aware of or do not anticipate in their planning.
• These costs include lost data, business disruption, revenue losses from system downtime, notification costs, or even damage to a brand’s reputation. In the accompanying visual, the impacts a business may face from the first year up to the third year are outlined.
• Unlike the viruses of a few years ago that would shut down a system for a few hours, today’s consequences of cyber attacks can include stolen data, destroyed networks, and thousands or even millions of dollars in recovery efforts.
Growing types of cyberattacks in 2022 are:
• Ransomware: ransomware is a type of malicious software that, once launched, encrypts data or shuts down access to a computer system until a ransom is paid. Even when the ransom is paid, the data has been breached and may be used or sold. According to the Sophos 2022 Threat Report, 37 percent of companies were targeted by ransomware in 2021.
• Mobile malware: this is malicious software specifically designed to steal data and destroy operating systems on mobile devices, including smartphones and even smartwatches.
• Targeting the Internet of Things: smart thermostats, doorbell cameras, cars, and refrigerators are all examples of IoT devices that can be easily breached and controlled. While this may not seem serious, compromised temperature sensors in industrial settings can lead to shutdowns, fires, or other damage, while malware in vehicles can shut them down or even re-route them.
1. Automating attacks:
• Traditional attack: produce fake coins using machinery and bring them into circulation.
• Modern attack: digitally steal half a dollar from a million accounts in a few minutes.
2. Privacy concern: every company is collecting and processing lots of information about us, without us realizing when and how it is going to be used.
3. Distance does not matter: an attack can be launched from a distance.
E.g.: in 1995, a Russian hacker broke into Citibank’s computers remotely, stealing $12M. Although the attacker was traced, it was very difficult to get him extradited for the court case.
These are the four chief principles of security:
1. Confidentiality: is the message seen by someone else?
2. Authentication: do you trust the sender of the message?
3. Integrity: is the message changed during transmission?
4. Non-repudiation: can the sender refute the message?
The above principles relate to a particular message. There are two more linked to the overall system as a whole:
5. Access control: who can access what? [ACL]
6. Availability: information should be available in a timely manner.
Confidentiality
• Confidentiality is the process of preventing disclosure of information to unauthorized individuals or systems.
• Example: credit card.
• This term covers two related concepts:
◦ Data confidentiality
◦ Privacy
• Confidentiality is necessary, but not sufficient, to maintain privacy.
Integrity
• Integrity means that data cannot be modified or changed without authorization.
• This term covers two related concepts:
◦ Data integrity: assures that information and programs are changed only in a specified and authorized manner.
◦ System integrity: assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Examples: manual deletion, alteration or creation of important data files, virus infection, an employee altering their own salary, etc.
Availability
• For any information or system to serve its purpose, the information must be accessible and usable when it is needed.
• The computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must all be functioning correctly.
Examples: power outages, hardware failures, system upgrades and preventing denial-of-service attacks.
• These three concepts (confidentiality, integrity, availability) form what is often referred to as the CIA triad.
Authenticity
• In computing, e-business and information security it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine (i.e. they have not been forged or fabricated).
Examples: passports, credit card accounts, academic transcripts.
Non-repudiation
• It is a complex term used to describe the lack of deniability of ownership of a message, piece of data, or transaction.
Examples: proof of an ATM transaction, a stock trade, or an email.
Access control
• Role management (user side): which user can do what.
• Rule management (resource side): which resources are accessible and under what circumstances.
• An Access Control List is a subset of the Access Control Matrix.
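A worked illustration of the access control notes above, added here and not part of the slides: the matrix, an ACL as one of its columns (resource side), a capability list as one of its rows (user side), and a default-deny check that also applies a resource-side rule for "under what circumstances". All subjects, objects, rights and the `network` rule are constructed for the example.

```python
"""Access control matrix, ACL and capability list (added example, not from the slides).

The matrix maps (subject, object) to a set of rights. An ACL is one column of it
(resource side: which resources are accessible and under what circumstances); a
capability list is one row (user side: which user can do what). All subjects,
objects, rights and rules below are constructed sample values.
"""
from typing import Callable, Dict, FrozenSet, Optional

Rights = FrozenSet[str]
Condition = Callable[[dict], bool]  # evaluated against the request context

# Constructed matrix: rows are subjects (user side), columns are objects (resource side).
ACCESS_MATRIX: Dict[str, Dict[str, Rights]] = {
    "alice": {"payroll.db": frozenset({"read", "write"}), "report.pdf": frozenset({"read"})},
    "bob": {"payroll.db": frozenset({"read"}), "report.pdf": frozenset({"read", "write"})},
    "eve": {},  # holds no rights: every request from eve is denied
}

# Resource-side rules ("under what circumstances"): one predicate per object.
RESOURCE_RULES: Dict[str, Condition] = {
    "payroll.db": lambda ctx: ctx.get("network") == "internal",  # never from outside
}


def acl(obj: str) -> Dict[str, Rights]:
    """ACL = one column of the matrix: every subject holding rights on obj."""
    return {subj: row[obj] for subj, row in ACCESS_MATRIX.items() if obj in row}


def capability_list(subject: str) -> Dict[str, Rights]:
    """Capability list = one row of the matrix: everything the subject may do."""
    return dict(ACCESS_MATRIX.get(subject, {}))


def is_allowed(subject: str, obj: str, right: str, ctx: Optional[dict] = None) -> bool:
    """Default-deny check: the right must appear in the ACL entry for the subject
    AND the resource-side rule for the object must hold in this context."""
    ctx = ctx or {}
    granted = acl(obj).get(subject, frozenset())
    if right not in granted:
        return False
    rule = RESOURCE_RULES.get(obj, lambda _ctx: True)  # no rule: unconditional
    return bool(rule(ctx))


def acls_cover_matrix() -> bool:
    """Check that the ACLs (all columns together) carry exactly the matrix."""
    objects = {o for row in ACCESS_MATRIX.values() for o in row}
    rebuilt: Dict[str, Dict[str, Rights]] = {s: {} for s in ACCESS_MATRIX}
    for obj in objects:
        for subj, rights in acl(obj).items():
            rebuilt[subj][obj] = rights
    return rebuilt == ACCESS_MATRIX
```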
Security approaches
• Risk -> Secure -> Action
• To control the threats.
• Providing techniques and measures (e.g. audit).
• Developing a secure computing platform that restricts users to performing only the particular actions that are permitted.
• At the same time, restricting users from misusing their rights to use the system.
1. External approach: for external attackers.
2. Internal approach: for attacks from inside the environment.
• Cryptographic techniques: confidentiality and integrity of data.
• Authentication techniques: to guarantee that communication is between authentic users.
• Chain of trust techniques: authentic software.
• Access control: privilege and authorization.
• Capability to detect un-patched known flaws.
• Backup of data.
• Anti-virus software.
• Firewall.
• IDS/IPS: related to access and misuse.
• Information security awareness: social engineering.
Security is the most important aspect of the computer world. Following are the steps one should follow:
1. Assets: decide, identify, protect.
2. Risks: identify threats, attacks, vulnerabilities, exploits, theft.
3. Protection: find out the solutions.
4. Tools and techniques: select.
5. Priorities: decide the order of point 4.
1. Cryptography: mathematical “scrambling” of data.
2. Data security: protective measures, keeping data safe from unauthorized access, privacy, preventing breaches, etc.
3. Computer security model: depends on computer architecture, specification, security issues, protection mechanism. Acts as a framework for information system security policy.
4. Network security: protection during transmission, policies and provisions by the admin, authorization and access control.
5. Computer security procedure: strategies, guidelines, policies, standards, specifications, regulations and laws.
6. Security exploits: vulnerabilities, unintended and un-patched flaws in software, viruses, worms and Trojan horses, malware, different types of attacks.
7. Authentication: person, computer, program.
8. Identity management: user, device, services.
9. Internet policy: WhatsApp, FB, etc.
10. Security software.
Leading IDS and IPS solutions (unranked):
• AIDE
• BluVector Cortex
• Check Point Quantum IPS
• Cisco NGIPS
• Fail2Ban
• Fidelis Network
• Hillstone Networks
• Kismet
• NSFOCUS
• OpenWIPS-NG
• OSSEC
• Palo Alto Networks
• Sagan
• Samhain
• Security Onion
• Semperis
• Snort
• SolarWinds Security Event Manager (SEM) IDS/IPS
• Suricata
• Trellix (McAfee + FireEye)
• Trend Micro
• Vectra Cognito
• Zeek (AKA: Bro)
• Zscaler Cloud IPS
• Threat: a security threat is a malicious act that aims to corrupt or steal data or disrupt an organization's systems or the entire organization.
• Attack: any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.
• Vulnerability: a vulnerability in security refers to a weakness or opportunity in an information system that cybercriminals can exploit to gain unauthorized access.
• Countermeasure or control: cryptography, encryption, security policies, etc.
Kinds of Threats
Attacks: a technical view
1. Theoretical concepts behind attacks:
• Interception: copying of data and programs, and listening to network traffic.
• Fabrication: the attacker may add fake records to a database; creation of illegal objects on the computer system.
• Modification: the attacker modifies values in the database.
• Interruption: resources become unavailable, lost or unusable; causing problems to a hardware device, erasing programs, data or OS components.
Passive attacks:
• The attacker eavesdrops on or monitors data transmissions.
• Tries to learn something from it and make use of it.
• Aims to obtain information that is in transit.
• No modification of the data.
• Detection is harder.
1. For a plain-text message: the solution is prevention, by encryption.
2. For an encoded message: similarity -> pattern -> clue (similar plaintexts produce similar patterns in the encoded message, which gives the eavesdropper a clue).
Active attacks:
• Modification
• Creation of false messages
• No prevention
• Solution: detection and recovery
• Masquerade: trying to pose as another entity
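Added example, not part of the slides, showing how the active attacks listed above (modification of a message, creation of a false message, masquerade) are detected rather than prevented: an HMAC tag over each message, computed with a key the sender and receiver are assumed to share. The key and messages are constructed values.

```python
"""Detecting active attacks with a message authentication code (added example,
not from the slides).

Active attacks (modification, creation of false messages, masquerade) cannot be
prevented on the wire but can be detected. One standard detector is an HMAC tag
over each message, computed with a key the sender and receiver share. The key
and messages below are constructed values; key exchange is out of scope here.
"""
import hashlib
import hmac
from typing import Tuple

SHARED_KEY = b"constructed-demo-key-not-for-real-use"  # assumption: agreed beforehand


def protect(message: bytes, key: bytes = SHARED_KEY) -> Tuple[bytes, str]:
    """Sender side: attach a tag. The message stays readable, so this gives
    integrity and authentication of origin, not confidentiality."""
    tag = hmac.new(key, message, hashlib.sha256).hexdigest()
    return message, tag


def verify(message: bytes, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def honest_delivery() -> bool:
    """No attack: the message arrives as sent and the tag verifies."""
    message, tag = protect(b"TRANSFER 100 TO ACCOUNT 42")
    return verify(message, tag)


def detect_modification() -> bool:
    """Active attack: the amount is altered in transit. The original tag no
    longer matches the content, so the receiver rejects it (returns False)."""
    message, tag = protect(b"TRANSFER 100 TO ACCOUNT 42")
    tampered = message.replace(b"100", b"900")
    return verify(tampered, tag)


def detect_masquerade() -> bool:
    """Active attack: a party without the shared key fabricates a message and
    tags it under a key of its own. Verification with the real key fails, so
    the false message is detected (returns False)."""
    false_message = b"TRANSFER 999 TO ACCOUNT 13"
    false_tag = hmac.new(b"some-other-key", false_message, hashlib.sha256).hexdigest()
    return verify(false_message, false_tag)


# Caveats: (1) both ends hold the same key, so an HMAC cannot give non-repudiation
# (either party could have produced the tag); a digital signature is needed for
# that. (2) An unchanged (message, tag) pair can be replayed; a sequence number or
# timestamp inside the message is needed to detect that.
```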
Threat consequences and the threat actions (attacks) that cause them:
• Unauthorized disclosure: a circumstance or event whereby an entity gains access to data for which the entity is not authorized.
◦ Exposure: sensitive data are directly released to an unauthorized entity.
◦ Interception: an unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations.
◦ Inference: a threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or by-products of communications.
◦ Intrusion: an unauthorized entity gains access to sensitive data by circumventing a system’s security protections.
• Deception: a circumstance or event that may result in an authorized entity receiving false data and believing it to be true.
◦ Masquerade: an unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity.
◦ Falsification: false data deceive an authorized entity.
◦ Repudiation: an entity deceives another by falsely denying responsibility for an act.
• Disruption: a circumstance or event that interrupts or prevents the correct operation of system services and functions.
◦ Incapacitation: prevents or interrupts system operation by disabling a system component.
◦ Corruption: undesirably alters system operation by adversely modifying system functions or data.
◦ Obstruction: a threat action that interrupts delivery of system services by hindering system operation.
• Usurpation: a circumstance or event that results in control of system services or functions by an unauthorized entity.
◦ Misappropriation: an entity assumes unauthorized logical or physical control of a system resource.
◦ Misuse: causes a system component to perform a function or service that is detrimental to system security.
Malicious programs (programs that attack to cause some damage or to create confusion):
• Virus
• Worms
• Trojan horse
• Applets and ActiveX controls
• Cookies
• JavaScript, VBScript, JScript
Practical side of attacks
Virus
• A piece of program code that attaches itself to another legitimate program and causes damage to the computer system or to the network.
• Properties of a virus:
◦ Self-propagates
◦ Action/event driven
• Solution: good backup and recovery procedures.
• During its lifetime a virus goes through four phases:
1. Dormant
2. Propagation
3. Triggering
4. Execution
• Viruses can be classified into the following categories:
1. Parasitic: attaches itself to executable (.EXE) files.
2. Memory-resident virus: stays resident in main memory and infects executable (.EXE) programs as they run.
3. Boot sector: infects the master boot record (MBR) of the disk, from which the OS is loaded.
4. Stealth: has intelligence built in to prevent detection by anti-virus software.
5. Polymorphic: changes its signature with each infection, making detection difficult.
6. Metamorphic: like a polymorphic virus, but rewrites itself completely every time, making detection even harder.
7. Macro virus: infects application software documents, e.g. MS Office documents.
Worms: a worm is a type of malware or malicious software that can replicate rapidly and spread across devices within a network. As it spreads, a worm consumes bandwidth, overloading infected systems and making them unreliable or unavailable.

Trojan horse: a Trojan horse is a type of malware that downloads onto a computer disguised as a legitimate program. The delivery method typically sees an attacker use social engineering to hide malicious code within legitimate software in order to gain access to users’ systems.
