COMPUTER SECURITY A. OBJECTIVE    

Understand computer security and its policies, procedure and tools. Define malicious programs and its effects List various ways to protect computer system Differentiate between authentication and identification

What is Computer Security? Computer security refers to the protection given to computers and information contained in them from unauthorised access. B. Why computer security? We need to protect  Our data  Our ability to use our computer (Denial of service attacks)  Running Malware and malicious code on your machine C. Properties of computer security Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization. The model is also sometimes referred to as the AIC triad (availability, integrity, and confidentiality) to avoid confusion with the Central Intelligence Agency which is also known as CIA. 1. Confidentiality Confidentiality means something that is secret and is not supposed to be disclosed to unintended people or entities. Some measures to keep your information confidential are :  Encryption: encryption is the process of scrambling text (called cipher text) to render it unreadable to unauthorized users. You can encrypt individual files, folders, etc.  Password: password is a set of secret characters or words used to authenticate access to a digital system.

 Two-factor authentication: Two-factor authentication (2fa) is a method of establishing access to an online account or computer system that requires the user to provide two different types of information.  Bio-metric: Biometrics authentication (or realistic authentication) is used in computer as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance. 2. Integrity Integrity is the assurance that the information is trustworthy and accurate. It means that when a sender sends data, the receiver must receive exactly the same data as sent by the sender. Measures to maintain the integrity of information include:  Encryption: Encryption does not provide integrity; a tampered message can (usually) still decrypt, but the result will usually be garbage  User Access Controls: It refers to the management of user accounts, particularly those with special access privileges, to protect against misuse and unauthorized access.  Version Control: Version control is a system that records changes to a file or set of files over time so that you can recall specific versions later.  Backups: The purpose of any data backup is to protect data integrity. Periodically backing up application data allows a Server Administrator to recover from problems or to roll back a database to a prior point in time. 3. Availability Availability is a guarantee of reliable access to the information by authorized people. Measures to mitigate threats to availability include:  Off-site backups: off-site backup, data moving across the public internet to a cloud provider's server should be encrypted at the original location, in transit and at rest on the provider's server.

 Disaster recovery: Disaster recovery (DR) is an area of security planning that aims to protect an organization from the effects of significant negative events.  Redundancy: Redundancy is an operational requirement of the data center that refers to the duplication of certain components or functions of a system so that if they fail or need to be taken down for maintenance  Failover: failover define as the ability for client connections to migrate from one server to another in event of server failure so client applications can continue to operate D. Security Threats Security Threat is defined as a risk that which can potentially harm computer systems and organization. Common Security Threats  Errors and Omissions: These are important threats to data and system integrity. These errors are caused not only by data entry operators, processing hundreds of transactions per day, but also by users who create and edit a data.  Fraud and theft: are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain.  Loss of physical and infrastructural support : The infrastructural support includes power failures, loss of communications, water outages and leaks, lack of transportation service, natural calamity  Hackers and crackers: Hackers constantly seek further knowledge; freely share what they have discovered, and never intentionally damage data. A cracker is one who breaks into or otherwise violates the system integrity of remote machines with malicious intent. E. Malicious software Malicious Software refers to any malicious program that causes harm to a computer system or network. These software attacks a computer or network in the form of viruses, worms, trojan, spyware etc.

1. Virus Viruses are programs, which are designed to replicate, attach to other programs and perform unsolicited and malicious actions. Different types of viruses  Boot sector: It infects the master boot record (MBR) on a computer. This viruses first move or overwrite the original boot code with infected one then move the original boot code sector information to another sector on the disk. It is difficult to detect since the boot sector is the first programme i.e. loaded when a computer starts. e.g. Michelangelo, stoned etc  File Infecting: They reside inside the memory and infect most of the executable files on a system. File-infecting viruses infect files with extension .com and .exe of MS_dos format. Viruses spread when the software or documents they get attached to are transferred from one computer to another using a network, a disk, file sharing methods, or through infected e-mail attachments. e.g. Snow, cascade etc  Polymorphic: It is static virus program that get copied from file to file. It encrypt their codes and use different encryption keys every time. It is a type of malware that constantly changes its identifiable features in order to evade detection e.g. Elkern, dark avenger etc.  Stealth: It is a hidden computer virus that attacks operating system processes and averts typical anti-virus or anti-malware scans. These viruses hide in files, partitions and boot sectors and are adept at deliberately avoiding detection. It can hide in legitimate files, boot sectors, and partitions. e.g. Brain  Multipartite: It is virus that's able to attack both the boot sector and executable files of an infected computer. It is a fastmoving virus that uses file infectors or boot infectors to attack the boot sector. Class of virus that have segmented nucleic acid genomes, with each segment of the genome enclosed in a separate viral particle. e.g. Tequila

2. Malicious codes and software Malicious codes are the software programs that generate threats to the computer system and precious data. The code can be in the form of worms, Trojan horses, logic bombs and other ‘uninvited’ virus. 1. Worm: It is also a destructive program that fills a computer system with self-replicating information, clogging the system so that its operations are slowed down or stopped. Eg. Code red 2. Trojan Horse: Trojan Horse is a destructive program. These program enters into a computer through an e-mail or free program downloaded from internet If executed, computer system will be damaged. eg backdoor 3. Logic bomb: A logical bomb is a destructive program that performs an activity when a certain action has occurred. It is program or portion of program piece which lies dormant until specific piece of program logic is activated. e.g. Michelangelo’s birth date F. Affecting computer system 1. How virus spreads:  Virus is designed to proliferate and propagate in computer network. This means any contact between two or computers is an opportunity for infection.  Unauthorized users break into a computer system and easily cause destruction by planting virus in the most sensitive locations of the computer.  Virus can be spread through infected software transmitted from disk, network, e- mail, or other storage devices. 2. Protecting Computer system  Always update your anti-virus software at least weekly.  Back up your important files and ensure that they can be restored.  Change the computer's boot sequence to always start the PC from its hard drive

 Don't share Drive C: without a password and without read-only restrictions.  Empty floppy drives of diskettes before turning on computers, especially laptops  Forget opening unexpected e-mail attachments, even if they're from friends  Get trained on your computer's anti-virus software and use it.  Have multiple backups of important files. This lowers the chance that all are infected.  Install security updates for your operating system and programs as soon as possible  Jump at the chance to learn more about your computer. This will help you spot viruses G. Users Identification and authentication Identification is the means through which user provides a claimed identity to the system. Authentication refers to establishing value of the claim. Computer system uses the data authentication for recognizing people There are three ways of authenticating users’ identity. These can be done using alone or in combination with others. 1. User Requirements ( Password, PIN, Cryptographic key) 2. Users Possessions (ATM card, Smart Card) 3. Users Biometric (Voice pattern, handwriting dynamics, fingerprints) 1. User Requirements The most common form of information and authentication is the combination of user ID and password.  Finding passwords If the user creates a password, he may tend to make it easy to remember. On other hand, assigned password may be difficult to remember, so users are more likely to write them down. Both cases to finding of password unauthorized users become easier.  Giving Passwords Users may share their password with others for sharing files. In addition people can be trickle into divulging their password.  Electronic Monitoring When passwords are transmitted to a computer system, they can be electronically monitored. This can happen on the network used to transmit the passwords on the computer system itself.

2. Users Possessions  Memory tokens Memory tokens are meant for storing information. The most common types of memory tokens are credit cards. A common application of memory tokens for authentication to computer system is the automatic teller machine (ATM) Card. Memory tokens when used with PIN provide significantly more security than passwords. A hacker must have both valid token and corresponding PIN to pretend someone else.  Smart tokens A smart token requires the user to provide something the user to provide something the user know (PIN or password) in order to unlock the smart token for use 3. Biometric Technique Biometric technologies are defined as the “automated method of identifying or authenticating the identity of a human based on physiological or behavioral characteristics”. A number of biometric technologies have developed and are used to authenticate the person’s identity  Common examples are o Fingerprint scanning It uses the fingerprint scanner to get an image of user’s finger. The user simply places the finger on a glass plate and a CCD (charged couple device) camera takes a picture. Before matching the print to pre-scanned images, the scanner processor makes sure the CCD has captured a clear image. It examines the average pixel darkness and rejects the scan if the overall image is too dark or too light. There are a number of different ways to get an image of user’s finger. The most common methods today are optical scanning and capacitance scanning. o Retinal scanning It uses a low-intensity light source and a delicate sensor to scan the pattern of blood vessels at the back of the retina, a pattern unique to each individual. This pattern is then matched against

the one existing in the database. During a retinal scan, the user must remove glasses, stare at a specific point, and hold their head still for the 10-15 seconds it takes to complete the scan. o Voice or Sound Recognition Voice of a human is one more attribute which is unique. In this technique, the user speaks into the microphone, and an analog-to-digital converter (ADC) creates digital sound files for the VR program to work with. Then the VR programs accept the digital recording and parse it into small, recognizable speech bits called phonemes. Once the program has identified the phonemes, it begins a complex process of identification and analysis, comparing each string of recorded phonemes against the one recorded in its memory. The VR program provides the output on the screen o Hand Geometry In this technique, the geometric shape of the hand – size of the palm, length and width of the fingers, the distance between the knuckles, etc are used. It uses the geometry scanner; the user simply puts his or her hand onto a platen which consists of 5 pegs that help the user to position their fingers properly.