Chapter One

The document provides an overview of computer security, detailing its basic concepts, threats, vulnerabilities, and the importance of safeguarding information and systems against unauthorized access and attacks. It discusses key elements such as confidentiality, integrity, and availability, along with various types of security threats and attacks, including active and passive attacks. Additionally, it emphasizes the significance of security policies and mechanisms in preventing, detecting, and responding to security incidents.

Uploaded by

shemse
Computer Security

Chapter One

Introduction to Computer Security

Outline
• Basic concepts of computer security.
• Threats, vulnerabilities, controls, risk.
• Goals of computer security.
• Security attack.
• Security policies and mechanisms.
• Prevention, detection, and deterrence.
• Software security assurance.

Basic Concepts of Computer Security
• Computer security refers to protecting and securing computers and their related data, networks, software, and hardware from unauthorized access, misuse, theft, information loss, and other security issues. The Internet has made our lives easier and has provided us with many advantages, but it has also put our systems’ security at risk of virus infection, hacking, information theft, damage to the system, and much more.
• Computer security is about the provisions and policies adopted to protect information and property from theft, corruption, or natural disaster while allowing the information and property to remain accessible and productive to its intended users.

Cont...
• Computer security is the process of detecting and preventing any unauthorized use of your computer. It involves safeguarding your personal or office computer resources against intruders who would use them with malicious intent or for their own gain, or who gain access to them accidentally.
• As technology grows, invaders, hackers and thieves try to harm our computers’ security for monetary gain, recognition, and other purposes, including invading other businesses, organizations, etc. Computer security is important in order to protect our systems from all these risks.

Why Security?
• Because there are potential losses due to security attacks.
• Losing your data:- If your computer has been hacked or infected, there is a big chance that all your stored data might be taken by the attacker.
• Reputation loss:- Just think if your Facebook account or business email has been taken over through a social engineering attack and it sends fake information to your friends and business partners.
• Identity theft:- This is a case where your identity is stolen and can be used for a crime such as making false identity documents.

Famous security problems
• NASA shutdown.
  • In 1990, an Australian computer science student was charged for shutting down NASA’s computer system for 24 hours.
• Airline computers.
  • In 1998, a major travel agency discovered that someone had penetrated its ticketing system and printed airline tickets illegally.
• Bank theft.
  • In 1984, a bank manager was able to steal $25 million through unaudited computer transactions.

Cont.…
• Cyber crime and Ethiopia.
  • Employees of a company managed to change their salaries by fraudulently modifying the company’s database.
  • In the 1990s: Internet password theft.
    • Hundreds of dial-up passwords were stolen and sold to other users.
    • Many of the owners lost tens of thousands of Birr each.
• In Africa: Cote d’Ivoire.

Computer Security Elements
• Different elements in computer security.
• The general state in computer security is the ability to detect and prevent attacks and to be able to recover. To fulfil these requirements, we come to the three main elements, which are confidentiality, integrity, and availability, and the recently added authenticity and utility.
• Confidentiality:- Restrictions on information access and exposure. A loss of confidentiality is the unauthorized disclosure of information.
• This term covers two related concepts:-

Cont.…
• Data confidentiality:- Assures that private or confidential information is not made available or exposed to unauthorized individuals.
• Privacy:- Assures that individuals control what information related to them may be collected and stored, and by whom and to whom that information may be disclosed.
• Confidentiality is the need to keep information secret from third parties that want to have access to it, so that only the right people can access it.

Cont.…
• Example in real life:- Let’s say two people are communicating via encrypted email. They know each other’s decryption keys, and they read the email by entering these keys into the email program. If someone else can read these decryption keys when they are entered into the program, then the confidentiality of that email is compromised.

Cont.…
• Integrity:- Protecting against improper information modification. A loss of integrity is the unauthorized modification or destruction of information.
• This term covers two related concepts:
  • Data integrity:- Assures that information and programs are changed only in an authorized manner.
  • System integrity:- Assures that a system performs its intended function in an unaffected manner, free from unauthorized manipulation of the system.
• Integrity is the trustworthiness of data in terms of preventing unauthorized and improper changes.

Cont.…
• Example in real life:- Let’s say you are making an online payment of 5 USD, but your information is tampered with without your knowledge so that 500 USD is sent to the seller. This would cost you too much.
• Commonly used methods to protect data integrity include hashing the data you receive and comparing it with the hash of the original message. However, this means that the hash of the original data must be provided in a secure way.

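The hash comparison described above, worked through on the 5 USD payment example. This is an added illustration, not part of the original slides; the message format, the key, and the function names are assumptions made for the demonstration. It shows why the reference hash must arrive securely: a digest that travels with the message can be recomputed by whoever changed the message, while a trusted digest or a keyed HMAC tag exposes the change.

```python
import hashlib
import hmac

# Constructed sample data modelled on the slide's payment example.
ORIGINAL = b"pay seller amount=5 currency=USD"
TAMPERED = b"pay seller amount=500 currency=USD"
# Assumption: sender and receiver share this secret in advance.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def sha256_hex(data: bytes) -> str:
    """Unkeyed SHA-256 digest of the data, as a hex string."""
    return hashlib.sha256(data).hexdigest()


def verify_with_digest(message: bytes, expected_digest: str) -> bool:
    """Accept the message only if its SHA-256 equals the expected digest."""
    return hmac.compare_digest(sha256_hex(message), expected_digest)


def mac_tag(message: bytes, key: bytes) -> str:
    """Keyed HMAC-SHA256 tag; cannot be recomputed without the key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_with_mac(message: bytes, tag: str, key: bytes) -> bool:
    """Accept the message only if the tag matches under the shared key."""
    return hmac.compare_digest(mac_tag(message, key), tag)


def scenarios() -> dict:
    """Run the integrity check under each way the reference value can arrive."""
    trusted_digest = sha256_hex(ORIGINAL)        # delivered over a secure channel
    trusted_tag = mac_tag(ORIGINAL, SHARED_KEY)  # computed by the real sender
    return {
        # Unmodified message, trusted digest: accepted.
        "intact_vs_trusted_digest": verify_with_digest(ORIGINAL, trusted_digest),
        # Modified message, trusted digest: the change is detected.
        "tampered_vs_trusted_digest": verify_with_digest(TAMPERED, trusted_digest),
        # Digest travelled with the message and was replaced along with it:
        # the check passes even though the amount changed.
        "tampered_vs_inband_digest": verify_with_digest(TAMPERED, sha256_hex(TAMPERED)),
        # Keyed tag: without the key the old tag no longer matches.
        "tampered_vs_mac": verify_with_mac(TAMPERED, trusted_tag, SHARED_KEY),
        "intact_vs_mac": verify_with_mac(ORIGINAL, trusted_tag, SHARED_KEY),
    }


if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```
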
Cont.…
• Availability:- Ensuring timely and reliable access to and use of information. It assures that systems work promptly and service is not denied to authorized users. Availability refers to the ability to access data when it is required; information has value only if the authorized people can access it at the right time. Denying access to data has become a common attack nowadays. Imagine how costly the downtime of a live server can be.
• Example in real life:- Let’s say a hacker has compromised a bank’s web server and taken it down. You, as an authenticated user, want to make an e-banking transfer, but it is impossible to access the server. The transfer that could not be made is money lost for the bank.

Computer Security - Terminologies
• Threat:- An action or event that might compromise security.
• Vulnerability:- A weakness, a design problem, or an implementation error in a system that can lead to an unexpected and undesirable event regarding the security of the system.
• Attack:- An assault on system security that is delivered by a person or a machine to a system. It violates security.
• Social engineering:- A technique that a hacker uses to steal data from a person, for different purposes, through psychological manipulation combined with social scenes.

Cont.…
• Hacker:- A person who tries to exploit a computer system for a reason, which can be money, a social cause, fun, etc.
• Hacking:- Any attempt to intrude or gain unauthorized access to your system, either via some operating system flaw or by other means. The purpose may or may not be malicious.
• Cracking:- Hacking conducted for malicious purposes.
• Asset:- Anything that has value to the organization, its business operations and their continuity, including information resources that support the organization’s mission.

Types of Computer Security
• Computer security can be classified into four types:-
1. Cyber security:- Cyber security means securing our computers, electronic devices, networks, programs, and systems from cyber attacks. Cyber attacks are attacks that happen when our system is connected to the Internet.
2. Information security:- Information security means protecting our system’s information from theft, illegal use, piracy, and unauthorized use. Information security has three main objectives: confidentiality, integrity, and availability of information.

Cont.…
3. Application security:- Application security means securing our applications and data so that they don’t get hacked, and so that the applications’ databases remain safe and private to their owner, keeping users’ data confidential.
4. Network security:- Network security means securing a network and protecting the information of the users who are connected through that network. Over the network, hackers steal packets of data through sniffing and spoofing attacks, man-in-the-middle attacks, war driving, etc., and misuse the data for their own benefit.

Threats, vulnerabilities, controls, risk
• What is a threat?
  • A cyber threat is a malicious act that seeks to steal or damage data or disrupt the digital network or system. A threat can also be defined as a cyber attack that seeks unethical access to the system’s sensitive data. Examples of threats include computer viruses, Denial of Service (DoS) attacks, and sometimes even dishonest employees.
• Types of threat.
  • Threats can be of three types, which are as follows:-

Cont.…
1. Intentional:- Malware, phishing, accessing someone’s account illegally, etc. are examples of intentional threats.
2. Unintentional:- Unintentional threats are considered human errors; for example, forgetting to update the firewall or the anti-virus could make the system more vulnerable.
3. Natural:- Natural disasters can also damage data; they are known as natural threats.

Cont.…
• What is a vulnerability?
  • In cybersecurity, a vulnerability is a defect in a system’s design, security procedures, internal controls, etc. that can be misused by cybercriminals. In some very rare cases, cyber vulnerabilities are created as a result of cyberattacks, not because of network misconfigurations.
• Types of vulnerability:-
  • Vulnerabilities can be of many types, based on different criteria. Some of them are:-

Cont.…
• Network:- A network vulnerability is caused by defects in the network’s hardware or software.
• Operating system:- When an operating system designer designs an operating system with a policy that grants every program/user full access to the computer, it allows viruses and malware to make changes on behalf of the administrator.
• Human:- Users’ negligence can cause vulnerabilities in the system or insiders.

Cont.…
• Physical vulnerabilities (Ex. Buildings).
• Natural vulnerabilities (Ex. Earthquake).
• Hardware and software vulnerabilities (Ex. Failures).
• Media vulnerabilities (Ex. Disks can be stolen).
• Communication vulnerabilities (Ex. Wires can be tapped).

Classification of Vulnerabilities
• Hardware:- susceptibility to humidity, susceptibility to dust, susceptibility to unprotected storage.
• Software:- insufficient testing, lack of audit trail.
• Network:- unprotected communication lines, insecure network architecture.
• Personnel:- inadequate security awareness.
• Site:- area subject to flood, unreliable power source.
• Organizational:- lack of regular audits, lack of security.

Cont.…
• What is risk?:- Cyber risk is the potential consequence of the loss of or damage to assets or data caused by a cyber threat. Risk can never be completely removed, but it can be managed to a level that satisfies an organization’s tolerance for risk. So our target is not to have a risk-free system, but to keep the risk as low as possible.
• Cyber risk can be defined with this simple formula: Risk = Threat + Vulnerability.
• Cyber risks are generally determined by examining the threat actor and the types of vulnerabilities that the system has.

Cont.…
• Types of risks
• There are two types of cyber risks, which are as follows:-
1. External:- External cyber risks are those that come from outside an organization, such as cyberattacks, phishing, ransomware, DDoS attacks, etc.
2. Internal:- Internal cyber risks come from insiders. These insiders could have malicious intent or simply not be properly trained.

Cont.…
Threat | Vulnerability | Risk
Takes advantage of vulnerabilities in the system and has the potential to steal and damage data. | Known as a weakness in hardware, software, or design, which might allow cyber threats to happen. | The potential for loss or destruction of data caused by cyber threats.
Generally can’t be controlled. | Can be controlled. | Can be controlled.
May or may not be intentional. | Generally unintentional. | Always intentional.

Security Threats and Attacks
Friends and enemies: Alice, Bob, Trudy.
• Well known in the network security world.
• Bob and Alice (lovers!) want to communicate “securely”.
• Trudy (intruder) may intercept, delete, and add messages.

Categories of Attack
[Figure: normal flow of information]
• Interruption:- An attack on availability.
[Figure: interruption]
• Interception:- An attack on confidentiality.
[Figure: interception]

Cont.…
• Modification:- An attack on integrity.
• Fabrication:- An attack on authenticity.

Types of Attacks
• A. Active attacks:- Active attacks are unauthorized actions that alter the system or data. In an active attack, the attacker directly interferes with the target to damage or gain unauthorized access to computer systems and networks.
• This is done by injecting hostile code into communications, masquerading as another user, or altering data to get unauthorized access.

Cont.…
• Types of active attacks are as follows:-
1. Masquerade attack:- Involves behaving like an actual user with the intention of manipulating people into giving out their private information or allowing the attacker into secured locations.
  • Example 1:- Username and password masquerade: In this masquerade attack, a person uses stolen or forged credentials to authenticate as a valid user and gain access to the system or application.
  • Example 2:- Website masquerade: A hacker creates a fake website that resembles a legitimate one in order to gain user information or even to get visitors to download malware.

Cont.…
2. Modification of messages:- This is when someone changes parts of a message without permission, or mixes up the order of messages, to cause trouble.
  • Imagine someone secretly changing a letter you sent, making it say something different. This kind of attack breaks trust in the information being sent. For example, a message meaning “Allow JOHN to read confidential file X” is modified to “Allow Smith to read confidential file X”.

Cont.…
3. Repudiation:- Repudiation attacks are a type of cyber attack in which a person does something damaging online, such as making a financial transaction or sending a message one does not want to send, and then denies having done it. Such attacks can seriously hinder the ability to trace the origin of an attack or to identify who is responsible for a given action, making it difficult to hold the right person responsible.
  • Example:- Data repudiation attacks: In a data repudiation attack, data is changed or deleted, and the attacker later pretends never to have done this.

Cont.…
4. Replay:- It is the passive capture of a message with the objective of transmitting it later to produce an authorized effect. In this type of attack, the attacker’s main objective is to save a copy of data that was originally present on the network and use it later for personal purposes. Once the data is corrupted or leaked, it becomes insecure and unsafe for its users.

Cont.…
5. Denial of Service (DoS) attack:- Denial of Service (DoS) is a form of cybersecurity attack that denies the intended users access to a system or network. In a DoS attack, the attacker floods the target system or network with traffic or requests in order to consume the available resources, such as bandwidth, CPU cycles, or memory, and prevent legitimate users from accessing them.
  • Example:- Flood attacks: Here, an attacker sends such a large number of packets or requests to a system or network that it cannot handle them all and the system crashes.

Cont.…
• To prevent DoS attacks, organizations can implement several measures, such as:-
1. Using firewalls and intrusion detection systems to monitor network traffic and block suspicious activity.
2. Limiting the number of requests or connections that can be made to a system or network.
3. Using load balancers and distributed systems to distribute traffic across multiple servers or networks.
4. Implementing network segmentation and access controls to limit the impact of a DoS attack.

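Measure 2 above (limiting the number of requests a client can make) can be sketched as a per-client sliding-window limiter. This is an added example, not part of the original slides; the class name, the limits, and the sample traffic (documentation-range IP addresses) are constructed for illustration.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most max_requests per client within any window_seconds span."""

    def __init__(self, max_requests: int, window_seconds: float):
        self.max_requests = max_requests
        self.window = window_seconds
        self._hits = defaultdict(deque)  # client -> timestamps of accepted requests

    def allow(self, client: str, now: float) -> bool:
        hits = self._hits[client]
        # Forget accepted requests that have left the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.max_requests:
            return False  # over the limit: reject without recording
        hits.append(now)
        return True


def constructed_events():
    """Constructed traffic: one client floods, another behaves normally."""
    flood = [(i * 0.02, "192.0.2.10") for i in range(50)]    # 50 requests in under 1 s
    normal = [(i * 0.5, "198.51.100.7") for i in range(6)]   # 1 request every 0.5 s
    return sorted(flood + normal)


def replay_traffic(events, max_requests=5, window_seconds=1.0):
    """Feed (timestamp, client) events to the limiter and count the outcomes."""
    limiter = SlidingWindowLimiter(max_requests, window_seconds)
    counts = defaultdict(lambda: {"allowed": 0, "rejected": 0})
    for ts, client in events:
        outcome = "allowed" if limiter.allow(client, ts) else "rejected"
        counts[client][outcome] += 1
    return {client: dict(c) for client, c in counts.items()}


if __name__ == "__main__":
    for client, c in replay_traffic(constructed_events()).items():
        print(client, c)
```

Limiting per client keeps the well-behaved client served while the flooding client is throttled. In a real deployment the per-client table itself needs a size bound, since traffic from many distinct sources would otherwise grow it without limit.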
Cont.…
• B. Passive attacks:- A passive attack attempts to learn or make use of information from the system but does not affect system resources.
• The goal of the opponent is to obtain information that is being transmitted. Passive attacks involve an attacker passively monitoring or collecting data without altering or destroying it.
• Examples:- Passive attacks include eavesdropping, where an attacker listens in on network traffic to collect sensitive information, and sniffing, where an attacker captures and analyzes data packets to steal sensitive information.

Cont.…
• What are some common attacks?
A. Web attacks.
  • Phishing, cross-site scripting (XSS), which is a web security vulnerability.
B. OS, applications and software attacks.
  • Virus, Trojan, worms, rootkits, buffer overflow.
• Not all hackers are evil wrongdoers trying to steal your info.
  • Ethical hackers, consultants, penetration testers, researchers.

Cont.…
• Network attacks.
• Packet sniffing.
  • Internet traffic consists of data “packets”, and these can be “sniffed”.
  • Leads to other attacks such as:-
    • password sniffing,
    • cookie stealing,
    • session hijacking,
    • information stealing.
• Man in the middle:- Intercepts communication between two parties. The goal is to steal personal information, such as login credentials, account details, and credit card numbers.

Cont.…
• Web attacks.
• Phishing:- An evil website pretends to be a trusted website.
  • Example:- You type, by mistake, “mibank.com” instead of “mybank.com”.
  • mibank.com designs its site to look like mybank.com, so the user types in their info as usual.
  • BAD! Now an evil person has your info!
• Cross-site scripting:- Writing a complex JavaScript program that steals data left by other sites that you have visited in the same browsing session.

Security policies and mechanisms
• Policy:- A statement of what is, and is not, allowed.
• Security mechanism:- A procedure, tool, or method of enforcing a policy, e.g.
  • Encryption.
  • Authentication.
  • Authorization.
  • Auditing.
• Security mechanisms implement functions that help prevent, detect, respond to, and recover from security attacks.

Cont.…
• Authentication:- Assurance that the communicating entity is the one claimed.
• Access control:- Prevention of the unauthorized use of a resource.
• Data confidentiality:- Protection of data from unauthorized disclosure.
• Data integrity:- Assurance that data received is as sent by an authorized entity.
• Non-repudiation:- Protection against denial by one of the parties in a communication.
• Data encryption:- The translation of data into a form that cannot be read without a deciphering mechanism.
• A password:- is a secret word or phrase that gives a user access to a


Security model
• Security model:- A scheme for specifying and enforcing security policies.
• Security models offer a blueprint for how security should be applied within organizations to ensure data confidentiality for both organizations and their consumers.
• A security model may be founded upon a formal model of access rights, a model of computation, a model of distributed computing, or no particular theoretical grounding at all.
• E.g. network security model.

Cont.…
[Figure: Network Security Model]

Cont.…
• Using this model requires us to:-
  • Design a suitable algorithm for the security transformation.
  • Generate the secret information (keys) used by the algorithm.
  • Develop methods to distribute and share the secret information.
  • Specify a protocol enabling the principals to use the transformation and secret information for a security service.

Model for Network Access Security
• Using this model requires us to:-
  • Select appropriate gatekeeper functions to identify users.
  • Implement security controls to ensure only authorised users access designated information or resources.
• Trusted computer systems can be used to implement this model.

Prevention, detection mechanisms
• Countermeasures can take the form of software, hardware, and modes of behavior. Software countermeasures include:-
  • Personal firewalls.
  • Anti-virus software.
  • Pop-up blockers.
  • Spyware detection/removal programs.
• The most common hardware countermeasure is a router that can prevent the IP address of an individual computer from being directly visible on the Internet.

Cont.…
• Other hardware countermeasures include:-
  • Biometric authentication systems.
  • Physical restriction of access to computers and peripherals.
  • Intrusion detectors:- A security tool that monitors network traffic and devices for suspicious activity, known threats, or security policy violations.
  • Alarms.

Cont.…
• Behavioral countermeasures include:-
  • Frequent deletion of stored cookies and temporary files from Web browsers.
  • Regular scanning for viruses and other malware.
  • Regular installation of updates and patches for operating systems.
  • Refusing to click on links that appear within e-mail messages.
  • Not opening e-mail messages and attachments from unknown senders.
  • Staying away from questionable Web sites.
  • Regularly backing up data on external media.

Software Security Assurance
• Software security assurance (SSA) is an approach to designing, building, and implementing software that addresses security needs.
• Transparency is critical with SSA because it provides a high level of trust that an application performs as intended without any unexpected functions that could lead to security compromises.
• The benefits of SSA extend from the companies that develop software to the end users of that software.

Cont.…
• Today’s digitally-powered businesses often depend on integrating multiple software components. Poor security in any of these components could either bring the store offline or put customer data at risk.
• For software-led businesses that sell software to other companies or users, SSA increases trust in your code.
• SSA can significantly reduce the likelihood of breaches or compromises from basic security mistakes.

Cont.…
• SSA, however, is an entire secure-by-design code that evaluates security concerns based on the software’s tasks, the data it will handle, and the vulnerabilities that could be present.
• Software security assurance also differs from quality assurance in that the latter is about ensuring software engineering processes meet defined policies and standards, usually through testing.
• Security assurance, on the other hand, is all about ensuring that software adheres to its security requirements and doesn’t include any functionality that could compromise security.

How Software Security Assurance Works
• Three standard techniques that companies use to ensure software security include:-
1. Security by design:- In software engineering, this means that software products and capabilities have been designed to be foundationally secure.
  • Security by design also puts safeguards in place that prevent lateral movement and make it easier to detect any compromises.

Cont.…
2. Continuous reviews:- With modern development practices driven by DevOps approaches, frequent updates are made to add new software functionality. This makes software security assurance an ongoing process.
  • With any new patch or update, development teams need to evaluate changing security needs based on the dynamic nature of their software.

Cont.…
3. Penetration testing:- Sometimes, vulnerabilities or weaknesses exist within code and are hard to identify without expert opinions. Penetration testing before release provides an additional guarantee of security by simulating a cyber attack on an application and probing for any potentially exploitable weaknesses.
  • The responsibility ultimately lies to ensure faulty software isn’t used or deployed within their company.

Benefits of SSA
• SSA protects against malware, injections, brute force hacks, and other cyber threats so that intended users (whether customers or business partners) can be confident in a given application.
• SSA helps you to adopt a security-by-design approach.
  • Security by design helps businesses confidently deploy the essential apps they depend on without fear of exposure to vulnerabilities.

Cont.…
• SSA helps you to launch successful software.
  • Penetration testing is crucial in SSA because it goes the extra mile to ensure applications have been assessed for even the most complex vulnerabilities.
• SSA helps to ensure that your product (and company) can scale.
  • Prioritizing security during application planning can account for and help the app scale by considering security needs from the outset and implementing measures that will facilitate growth without introducing additional risks.

End.
