computer security - vikassolanke.files.wordpress.com · computer security risk and threat analysis...

COMPUTER SECURITY

Definition : “Computer Security is the protection of computing systems and the data that they store or access.”

Need For Security:

Information is a strategic resource

A significant portion of organisational budget is spent on managing information

There are many types of information have several security related objectives

confidentiality (secrecy) - protect info value

integrity - protect info accuracy

availability - ensure info delivery

COMPUTER SECURITY Risk and Threat Analysis : Define

Asset : “a useful or valuable thing”

Vulnerability: A system that can leave it open to attack .

A vulnerability may also refer to any type of weakness in a computer system itself, in a set of procedures, or in anything that leaves information security exposed to a threat.

Threats : “Anything that has the potential to cause serious harm to a computer system”

A threat is something that may or may not happen, but has the potential to cause serious damage.

Marathwada Mitra Mandal's Polytechnic

Risk: Risk is the possibility or chance of loss,

danger or injury.

Counter measures: A countermeasure is an

action, process, device, or system that can

prevent, or mitigate the effects of, threats to a

computer, server or network. In this context, a

threat is a potential or actual adverse event

that may be malicious or incidental, and that

can compromise the assets of an enterprise or

the integrity of a computer or network.


http://whatis.techtarget.com/definition/server

Basic Principles

Security basic : CIAAN

Authentication : Process ensures that the origin

of the data/message is correctly identified.

Confidentiality: No unauthorized persons should

able to view data and only those who have

authority can view or use that data.

Integrity : only authorized person can able to

generate view and modify the data.

Availability : System[Data/Information] should be

available itself when authorized person access it

at any time.Marathwada Mitra Mandal's Polytechnic

Non-Repudiation : Non repudiation does not

allow sender to refuses the claim of not

sending messages.

Access Control: Access control is a security

technique that can be used to regulate who or

what can view or use resources in a

computing environment.


Network Security Model


Passive Attack


Active Attack


Types of attack

Passive attack: These types of attack will learn

and make use of information without affecting

system resources.

Active Attack : These types of attack will alter

system resources or will affect there operation.

Inside attack [insider]: these types of attack is

carried out by user inside organization. These

are the authorized users to access the system

resources


Out side Attack [An outsider]:Out sider can be any unauthorized user who is from outside the organization.

:Define following terms:

Assets: Assets is any thing which has some value. In computer world assets is Data, devices, hardware software, information etc.

Vulnerability: it is weakness in the system.

Threats: Threats is an action taken by attacker who try to exploit vulnerabilities to damage assets


Risk is an incident or attack that can cause

damage to system.

An attack against a system can be done by

sequences of actions, exploiting weak point

until attackers goal is not achieved,

Risk Assets Threats Vulnerabilities


Threats to security Disclosure of information: Unauthorized access

to information.

Deception: Access of wrong data.

Disruption: prevention of correct action.


Virus [Pnb,mom, some PC]

Virus is a code or program that attaches itself to another code or program which cause damage to computer system or to computer network.

Virus is a piece of code or program which is loaded into the computer without individuals knowledge and run against his/her wishes.

All computer viruses are man made. Any simple virus can make copy of itself over and over.


Any simple virus can be dangerious because

it will quickly use all available memory space

and bring a system to hang.

Types of virus:

Parasitic virus : It attach itself to execute

code and replicate itself. When infected code

is executed then it will find another program

to infect.

Memory resident virus: This type of virus lives

in the memory after execution. It insert itself

as a part of operating system and manipulate

any file that is executable.


Non resident virus: This type of virus execute itself and terminate after some time.

Boot sector virus: This type of virus infect boot record and spread through a system when system is booted from disk.

Overwriting virus: This type of virus overwrites the code with it’s own code.

Stealth virus: It is the virus which hides the modification it has made in the file or boot record.

Macro virus: This virus is not executable iraffect Microsoft word document, they can spread through email.


Polymorphic virus :it produces fully operational copies of itself in attempt to avoid signature detection.

Companion virus: This is the virus which creates a new program instead of modifying an existing file.

Email Virus: Virus gets executed when email attached is open by recipient, Virus send itself to every one on the mailing list of sender.

Metamorphic virus: This type of virus keeps rewriting itself every time, it may change there behavior as well appearance code.


Phases of virus [life cycle of virus]

Dormant phase: The virus is idle and activated by some event.

Propagation phase: It places an identical copy of itself into other programs or into certain system areas on the disk.

Triggering phase: The virus is activated to perform the function for which it was intended.

Execution phase: The function of virus is performed


Worms

Worms is a malicious program that spread them automatically.

First worm was appeared in 1988, A graduate student Robert Morris created first worm program. And spread on internet. It slowdown near about 6000 connection at that time.

Worm spread through computer to computer without human interaction unlike virus

Worms spread through network, and spread rapidly.


Worms are designed in such a way that it

replicate itself and move through network.

Worm spread much faster then virus.

Worm doesn't require host file to move

from network.

Worm can delete files , encrypt file and slow

the internet connection.


Backdoors Backdoor in a computer system is a method of

bypassing normal authentication, securing remote access to a computer.

Backdoor is a program installed in computer with other software unknown to the user. Or could be modify existing program or hardware device.

There are several backdoor programs used by hackers. These are likely automated tools, which carry intended job.

To avoid such types of attack you have to check which program we installed freely from internet.


Trapdoors These are the programs which are stored in the

targeted system, this program allow easy accessto hacker in targeted system or give sufficientaccess information about the targeted to carryout attack.

Trap door is a secret entry point into computerand user are not aware about trap door .

In many cases trap door can use access toapplication which has high security.

Some times intestinally insert the trap door tocheck the programs security.

It is impossible to remove so only way toformatting the system.


Sniffing A network sniffers is a software or hardware

device that is used to observe traffic that is passes through network on shared broadcast media.

The devise can be used to view all traffic or it can targeted a specific protocol.

It can also targeted string like user id or password.

There are following Types:

◦ Network Sniffers -Packet sniffers.


Network sniffers: can view all traffic and modify also.

Such traffic can be used by the administrators to

observer traffic for performance, traffic analysis and

to determine which segment are most active .

It is also used for network bandwidth analysis and

troubleshoot certain problem.

This tool can be used by attackers to gather

information that can used for penetration.

Through this attack attacker get password, email

contents as mail passes through network.


Packet sniffers: This type of sniffers can be

used by the system administrator to check

network problem.

N/W administrator can find error containing

packet to solve problem like bottleneck.

Packet sniffers just capture packet to collect

data.


Spoofing Attack

Spoofing is making similar to it has come from

a different sources.

This is possible in TCP/IP.

When packet is send from one system to

another it include only destination IP address ,

port too, and source IP address.

And attackers take same to attacks.


Types of SpoofingURL and Phishing

This kind of spoofing is web spoofing also known as phishing. In this attack same web page of spoofing website like bank is reproduced which is same as of original web in look and feel , but under control of attacker.

Main intend is to fool the user into thinking that they are connected to a trusted web site , for instance to get the user name and password.

This type of attack is performed with the use of URL spoofing, which display incorrect URL in address bar.

Once the user put User Id and Password, attacker code report error and redirect to original site.

Attacker get user Id and password, still user do not know it as user is connected to trusted site also.


Email ID Spoofing: Sender information shown inthe email can spoofed easily. Email spoofing referto the email that appears to have original sourcebut it was send from another source.

Best example is email spoofing and junk mails.

IP address spoofing :

IP protocol is designed to work to have originalIP ‘from’ portion of the packet.

There is no system to prevent inserting anotherIP address.

The attacker send one packet and able togenerate 254 responses at the specific target.

Target system become overload wit volume ofresponses.


Man in The Middle Attack A main in middle attack generally occur when

attacker are place themselves of two other hosts.

That are communicating in order to view and modify

the traffic.


In man in middle attack an unauthorized

connection between two nodes on the

computer network is routed illegally through

the node of attacker.

Attacker must be able to intercept all

messages going between the two victims and

inject new ones.

Most cryptographic protocols include some of

end point authentication used to prevent

MITM


Encryption Attacks

Encryption is the process of transforming plaintext into an unreadable format called as cipher text.

Most encryption processes use some key, key is used in mathematical process to convert message and another key is used to decrypt message.

Some attackers try to break the cryptographic system it is an attack on specific method used for encryption.

Attackers are the part of Cryptanalyst which is the art of decrypting data.


Replay Attack

In replay attack an attacker captures a sequence of

events or some data units and resends them.

For example suppose user A wants to transfer some

amount to user C’s bank account.

Both users A and C have account with bank B

User A might send an electronic message to bank B

requesting for fund transfer .


User C could capture this message and send a

copy of the same to bank B.

Bank B would have no idea that this is an

unauthorized message and would treat this as

a second and different fund transfer request

from user A.

So C would get the benefit of the fund

transfer twice.-once authorized and once

through a replay attack.


Logical Bombs

Time Bomb


Model of Security

**You can also write answer as CIA


computer security - vikassolanke.files.wordpress.com · computer security risk and threat analysis...

Documents