COMPUTER SECURITY
Definition: “Computer Security is the protection of computing systems and the data that they store or access.”
Need For Security:
Information is a strategic resource
A significant portion of organisational budget is spent on managing information
There are many types of information, with several security-related objectives:
confidentiality (secrecy) - protect info value
integrity - protect info accuracy
availability - ensure info delivery
COMPUTER SECURITY Risk and Threat Analysis: Definitions
Asset: “a useful or valuable thing”
Vulnerability: A weakness in a system that can leave it open to attack.
A vulnerability may also refer to any type of weakness in a computer system itself, in a set of procedures, or in anything that leaves information security exposed to a threat.
Threat: “Anything that has the potential to cause serious harm to a computer system”
A threat is something that may or may not happen, but has the potential to cause serious damage.
Marathwada Mitra Mandal's Polytechnic
Risk: Risk is the possibility or chance of loss, danger or injury.
Countermeasures: A countermeasure is an action, process, device, or system that can prevent, or mitigate the effects of, threats to a computer, server or network. In this context, a threat is a potential or actual adverse event that may be malicious or incidental, and that can compromise the assets of an enterprise or the integrity of a computer or network.
Basic Principles
Security basics: CIAAN
Authentication: The process that ensures that the origin of the data/message is correctly identified.
Confidentiality: No unauthorized person should be able to view the data; only those who have authority can view or use it.
Integrity: Only an authorized person is able to generate, view and modify the data.
Availability: The system [data/information] should be available whenever an authorized person accesses it.
Non-Repudiation: Non-repudiation does not allow the sender of a message to later deny having sent it.
Access Control: Access control is a security technique that can be used to regulate who or what can view or use resources in a computing environment.
Network Security Model
Passive Attack
Active Attack
Types of attack
Passive attack: This type of attack learns and makes use of information without affecting system resources.
Active attack: This type of attack alters system resources or affects their operation.
Inside attack [insider]: This type of attack is carried out by a user inside the organization. Insiders are users who are authorized to access the system resources.
Outside attack [outsider]: An outsider can be any unauthorized user who is from outside the organization.
Define the following terms:
Assets: An asset is anything which has some value. In the computer world, assets are data, devices, hardware, software, information, etc.
Vulnerability: It is a weakness in the system.
Threats: A threat is an action taken by an attacker who tries to exploit vulnerabilities to damage assets.
Risk is an incident or attack that can cause damage to a system.
An attack against a system can be carried out as a sequence of actions, exploiting weak points until the attacker's goal is achieved.
Risk Assets Threats Vulnerabilities
Threats to security
Disclosure of information: Unauthorized access to information.
Deception: Access to wrong data.
Disruption: Prevention of correct action.
Virus [Pnb,mom, some PC]
A virus is a piece of code or a program that attaches itself to another piece of code or program and causes damage to a computer system or computer network.
A virus is a piece of code or a program which is loaded onto the computer without the individual's knowledge and runs against his/her wishes.
All computer viruses are man-made. Any simple virus can make copies of itself over and over.
Any simple virus can be dangerous because it will quickly use all available memory space and bring the system to a hang.
Types of virus:
Parasitic virus: It attaches itself to executable code and replicates itself. When the infected code is executed, it finds another program to infect.
Memory resident virus: This type of virus lives in memory after execution. It inserts itself as a part of the operating system and manipulates any file that is executable.
Non-resident virus: This type of virus executes itself and terminates after some time.
Boot sector virus: This type of virus infects the boot record and spreads through a system when the system is booted from disk.
Overwriting virus: This type of virus overwrites the code with its own code.
Stealth virus: This is a virus which hides the modifications it has made to the file or boot record.
Macro virus: This virus is not an executable; it affects Microsoft Word documents and can spread through email.
Polymorphic virus: It produces fully operational copies of itself in an attempt to avoid signature detection.
Companion virus: This is a virus which creates a new program instead of modifying an existing file.
Email virus: The virus gets executed when the email attachment is opened by the recipient. The virus then sends itself to everyone on the sender's mailing list.
Metamorphic virus: This type of virus keeps rewriting itself every time; it may change its behavior as well as the appearance of its code.
Phases of virus [life cycle of virus]
Dormant phase: The virus is idle until it is activated by some event.
Propagation phase: The virus places an identical copy of itself into other programs or into certain system areas on the disk.
Triggering phase: The virus is activated to perform the function for which it was intended.
Execution phase: The function of the virus is performed.
Worms
A worm is a malicious program that spreads automatically.
The first worm appeared in 1988. A graduate student, Robert Morris, created the first worm program, which spread on the internet. It slowed down about 6000 connections at that time.
Unlike a virus, a worm spreads from computer to computer without human interaction.
Worms spread through the network, and spread rapidly.
Worms are designed to replicate themselves and move through the network.
A worm spreads much faster than a virus.
A worm doesn't require a host file to move across the network.
A worm can delete files, encrypt files and slow the internet connection.
Backdoors
A backdoor in a computer system is a method of bypassing normal authentication and securing remote access to a computer.
A backdoor is a program installed on a computer along with other software, unknown to the user. It could also be a modification of an existing program or hardware device.
There are several backdoor programs used by hackers. These are likely automated tools, which carry out the intended job.
To avoid this type of attack, check which programs you have installed freely from the internet.
Trapdoors
These are programs which are stored on the targeted system. They allow a hacker easy access to the targeted system, or give sufficient access information about the target to carry out an attack.
A trapdoor is a secret entry point into a computer, and users are not aware of the trapdoor.
In many cases a trapdoor can be used to access an application which has high security.
Sometimes a trapdoor is inserted intentionally to check the program's security.
It is impossible to remove, so the only way is to format the system.
Sniffing
A network sniffer is a software or hardware device that is used to observe traffic that passes through a network on shared broadcast media.
The device can be used to view all traffic, or it can target a specific protocol.
It can also target strings such as a user ID or password.
There are the following types:
◦ Network sniffers
◦ Packet sniffers
Network sniffers: These can view all traffic and also modify it.
Administrators can use such traffic to observe performance, carry out traffic analysis and determine which segments are most active.
It is also used for network bandwidth analysis and to troubleshoot certain problems.
This tool can be used by attackers to gather information that can be used for penetration.
Through this attack, the attacker gets passwords and email contents as mail passes through the network.
Packet sniffers: This type of sniffer can be used by the system administrator to check network problems.
The network administrator can find packets containing errors to solve problems like bottlenecks.
Packet sniffers just capture packets to collect data.
Spoofing Attack
Spoofing is making data appear as if it has come from a different source.
This is possible in TCP/IP.
When a packet is sent from one system to another, it includes only the destination IP address and port, and the source IP address.
Attackers take advantage of this to carry out attacks.
Types of Spoofing
URL and Phishing
This kind of spoofing is web spoofing, also known as phishing. In this attack, a web page of a website such as a bank's is reproduced with the same look and feel as the original, but under the control of the attacker.
The main intent is to fool users into thinking that they are connected to a trusted web site, for instance to get the user name and password.
This type of attack is performed with the use of URL spoofing, which displays an incorrect URL in the address bar.
Once the user enters the user ID and password, the attacker's code reports an error and redirects to the original site.
The attacker gets the user ID and password, yet the user does not know it, because the user is also connected to the trusted site.
Email ID Spoofing: Sender information shown in the email can be spoofed easily. Email spoofing refers to email that appears to come from the original source but was sent from another source.
The best example is email spoofing and junk mail.
IP address spoofing:
The IP protocol is designed to work with the original IP address in the ‘from’ portion of the packet.
There is no mechanism to prevent inserting another IP address.
The attacker sends one packet and is able to generate 254 responses at the specific target.
The target system becomes overloaded with the volume of responses.
Man in The Middle Attack
A man-in-the-middle attack generally occurs when attackers place themselves between two other hosts that are communicating, in order to view and modify the traffic.
In a man-in-the-middle attack, an unauthorized connection between two nodes on the computer network is routed illegally through the attacker's node.
The attacker must be able to intercept all messages going between the two victims and inject new ones.
Most cryptographic protocols include some form of endpoint authentication, used to prevent MITM.
Encryption Attacks
Encryption is the process of transforming plaintext into an unreadable format called ciphertext.
Most encryption processes use a key: one key is used in a mathematical process to convert the message, and another key is used to decrypt the message.
Some attackers try to break the cryptographic system; this is an attack on the specific method used for encryption.
Such attacks are part of cryptanalysis, which is the art of decrypting data.
Replay Attack
In a replay attack, an attacker captures a sequence of events or some data units and resends them.
For example, suppose user A wants to transfer some amount to user C's bank account.
Both users A and C have accounts with bank B.
User A might send an electronic message to bank B requesting a fund transfer.
User C could capture this message and send a copy of it to bank B.
Bank B would have no idea that this is an unauthorized message and would treat it as a second and different fund transfer request from user A.
So C would get the benefit of the fund transfer twice: once authorized and once through a replay attack.
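One way bank B could reject C's resent copy, as an added example that is not part of the original slides: A attaches a one-time nonce, a timestamp and an HMAC to each request, and the bank accepts each nonce only once. The shared key, the field names, the 120-second window and the names `Bank`, `sign_transfer` and `demo` are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_AGE = 120  # seconds a request stays valid (assumed value)

def _mac(key, body):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def sign_transfer(key, sender, payee, amount, now):
    """User A: build a request carrying a one-time nonce, a timestamp and a MAC."""
    body = {"from": sender, "to": payee, "amount": amount,
            "nonce": secrets.token_hex(16), "ts": int(now)}
    return dict(body, mac=_mac(key, body))

class Bank:
    """Bank B: authenticate every request and accept each nonce only once."""
    def __init__(self, customer_keys):
        self.customer_keys = customer_keys
        self.seen = {}  # nonce -> timestamp of requests already processed

    def process(self, msg, now):
        body = {k: v for k, v in msg.items() if k != "mac"}
        key = self.customer_keys.get(body.get("from"))
        if key is None:
            return "rejected: unknown sender"
        sent = str(msg.get("mac", "")).encode()
        if not hmac.compare_digest(_mac(key, body).encode(), sent):
            return "rejected: bad MAC"      # altered, or not from the account holder
        if abs(now - body["ts"]) > MAX_AGE:
            return "rejected: stale"        # captured copy sent long afterwards
        # Nonces older than the window can go: their requests are stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_AGE}
        if body["nonce"] in self.seen:
            return "rejected: replay"       # exact copy of an accepted request
        self.seen[body["nonce"]] = body["ts"]
        return "accepted"

def demo():
    key = secrets.token_bytes(32)           # constructed secret shared by A and bank B
    bank, t0 = Bank({"A": key}), time.time()
    msg = sign_transfer(key, "A", "C", 1000, t0)   # constructed sample request
    return [bank.process(msg, t0),                    # A's genuine request
            bank.process(dict(msg), t0 + 5),          # C resends the captured copy
            bank.process(dict(msg, amount=9000), t0 + 6),  # C edits the amount
            bank.process(dict(msg), t0 + 600)]        # copy replayed much later
```

The MAC alone does not stop the replay, because C's copy carries a valid MAC; it is the nonce and timestamp checks that let the bank tell the second request from the first.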
Logical Bombs
Time Bomb
Model of Security
**You can also write the answer as CIA