Chapter Six

Introduction to Computer Security

Security: The prevention and protection of computer assets from unauthorized access, use,
alteration, degradation, destruction, and other threats.

 Computer systems should have a set of protection policies to restrict and control the
system resources.
 Considering:
o Unauthorized access
o Malicious modification or destruction
o Accidental introduction of inconsistency

Security Goals

 Data Confidentiality
o It is concerned with having secret data remain secret
 Data Integrity
o Unauthorized users should not be able to modify any data without the owner’s
permission
o Includes removing data and adding false data
 System Availability
o Means nobody can disturb the system to make it unusable
Security is thus based on the following independent issues:

 Privacy - the ability to keep things private/confidential

 Trust - do we trust data from an individual or a host? Could they be used
against us?
 Authenticity - are security credentials in order? Are we talking to whom? We
think we are talking to, privately or not.

1
  Integrity - has the system been compromised/altered already?

Why Computer Security?

Computer security is required because computer systems are vulnerable to many threats that can
inflict various types of damage resulting in significant losses. This damage can range from errors
harming database integrity to fires destroying entire computer centers. There may be several
forms of damage, which are obviously interrelated. These include:

 Damage or destruction of computer systems.

 Damage or destruction of internal data.
 Loss of sensitive information to hostile parties.
 Use of sensitive information to steal items of monetary value.
 Use of sensitive information against the organization's customers, which may result in
legal action by customers against the organization and loss of customers.
 Damage to the reputation of an organization.
 Monetary damage due to loss of sensitive information, destruction of data, hostile use of
sensitive data, or damage to the organization's reputation.
 Losing the ability to use the system

Security Threats

A threat is a potential violation of security. The effects of various threats vary considerably:
some affect the confidentiality or integrity of data while others affect the availability of a system.

A computer security threat can be any person, act, or object that poses a danger to computer
security. Generally, environments can be hostile because of

 Physical threats - weather, natural disaster, bombs, power failures, etc.

 Human threats - stealing, trickery, bribery, spying, sabotage, accidents.
 Software threats - viruses, Trojan horses, logic bombs, denial of service,
trapdoor.

2
 1. Fraud and Theft

Computer systems can be exploited for both fraud and theft both by "automating" traditional
methods of fraud and by using new methods. For example, individuals may use a computer to
skim small amounts of money from a large number of financial accounts, assuming that small
discrepancies may not be investigated. Financial systems are not the only ones at risk. Systems
that control access to any resource are targets (e.g., time and attendance systems, inventory
systems, school grading systems, and long-distance telephone systems). Insiders or outsiders can
commit computer fraud and theft. Insiders (i.e., authorized users of a system) are responsible for
the majority of fraud.

Since insiders have both access to and familiarity with the victim computer system (including
what resources it controls and its flaws), authorized system users are in a better position to
commit crimes. Insiders can be both general users (such as clerks) and technical staff members.
An organization's former employees, with their knowledge of an organization's operations, may
also pose a threat, particularly if their access is not terminated promptly.

2. Loss of Physical and Infrastructure Support

The loss of supporting infrastructure includes power failures (outages, spikes, and brownouts),
loss of communications, water outages and leaks, sewer problems, lack of transportation
services, fire, flood, civil unrest, and strikes.

3. Malicious Hackers

The term malicious hackers, sometimes called crackers, refer to those who break into computers
without authorization. They can include both outsiders and insiders. Much of the rise of hacker
activity is often attributed to increases in connectivity in both government and industry. One
1992 study of a particular Internet site (i.e., one computer system) found that hackers attempted
to break in at least once every other day. The hacker threat should be considered in terms of past
and potential future damage. Although current losses due to hacker attacks are significantly
smaller than losses due to insider theft and sabotage, the hacker problem is widespread and
serious.

3
 4. Threats to Personal Privacy

The accumulation of vast amounts of electronic information about individuals by governments,

credit bureaus, and private companies, combined with the ability of computers to monitor,
process, and aggregate large amounts of information about individuals have created a threat to
individual privacy. The possibility that all of this information and technology may be able to be
linked together has arisen as a specter of the modern information age.

5. Malicious Code

Malicious code refers to viruses, worms, Trojan horses, logic bombs, and other "uninvited"
software. Sometimes mistakenly associated only with personal computers, malicious code can
attack other platforms.

4
  Viruses

Virus is self-duplicating computer program that interferes with a computer's hardware or

operating system (the basic software that runs the computer). Viruses are designed to duplicate
or replicate them to avoid detection. Like any other computer program, a virus must be executed
for it to function—that is, it must be located in the computer's memory, and the computer must
then follow the virus's instructions. These instructions are called the payload of the virus. The
payload may disrupt or change data files, display an irrelevant or unwanted message, or cause
the operating system to malfunction.

There are five categories (types) of viruses, they are: parasitic or file viruses, bootstrap sector,
multi-partite, macro, and script viruses.

 Worms

Worm is a program that propagates itself across computers, usually by spawning copies of itself
in each computer's memory. A worm might duplicate itself in one computer so often that it
causes the computer to crash. Sometimes written in separate “segments,” a worm is introduced
surreptitiously into a host system either for “fun” or with intent to damage or destroy
information. The term comes from a science-fiction novel and has generally been superseded by
the term virus. Worms can form segments across a network and damage the network by using its
resources (memory space) highly. The segments of worms across a network can communicate
strengthen their damage.

 Trojan Horses

There are other harmful computer programs that can be part of a virus but are not considered
viruses because they do not have the ability to replicate. These programs fall into three
categories: Trojan horses, logic bombs, and deliberately harmful or malicious software programs
that run within Web browsers, an application program such as Internet Explorer and Netscape
that displays Web sites.

5
A Trojan horse is a program that pretends to be something else. A Trojan horse may appear to be
something interesting and harmless, such as a game, but when it runs it may have harmful
effects. The term comes from the classic Greek story of the Trojan horse found in Homer’s Iliad.

 Bombs

A bomb infects a computer’s memory, but unlike a virus, it does not replicate itself. A logic
bomb delivers its instructions when it is triggered by a specific condition, such as when a
particular date or time is reached or when a combination of letters is typed on a keyboard. A
logic bomb has the ability to erase a hard drive or delete certain files.

Techniques to Reduce Security problems

Backup

Storing backup copies of software and data and having backup computer and communication
capabilities are important basic safeguards because the data can then be restored if it was altered
or destroyed by a computer crime or accident. Computer data should be backed up frequently
and should be stored nearby in secure locations in case of damage at the primary site.
Transporting sensitive data to storage locations should also be done securely.

Encryption

Another technique to protect confidential information is encryption (Encryption, process of

converting messages or data into a form that cannot be read without decrypting or deciphering it.
The root of the word encryption—crypt—comes from the Greek word kryptos, meaning
“hidden” or “secret.”)

Computer users can scramble information to prevent unauthorized users from accessing it.
Authorized users can unscramble the information when needed by using a secret code called a

6
key. Without the key the scrambled information would be impossible or very difficult to
unscramble.

Approved users

Another technique to help prevent abuse and misuse of computer data is to limit the use of
computers and data files to approved persons. Security software can verify the identity of
computer users and limit their privileges to use, view, and alter files. The software also securely
records their actions to establish accountability. Military organizations give access rights to
classified, confidential, secret, or top-secret information according to the corresponding security
clearance level of the user. Other types of organizations also classify information and specify
different degrees of protection.

Passwords

Passwords are confidential sequences of characters that allow approved persons to make use of
specified computers, software, or information. To be effective, passwords must be difficult to
guess and should not be found in dictionaries. Effective passwords contain a variety of characters
and symbols that are not part of the alphabet. To thwart imposters, computer systems usually
limit the number of attempts and restrict the time it takes to enter the correct password.

A more secure method is to require possession and use of tamper-resistant plastic cards with
microprocessor chips, known as “smart cards,” which contain a stored password that
automatically changes after each use. When a user logs on, the computer reads the card's
password, as well as another password entered by the user, and matches these two respectively to
an identical card password generated by the computer and the user's password stored in the
computer in encrypted form. Use of passwords and "smart cards" is beginning to be reinforced
by biometrics, identification methods that use unique personal characteristics, such as
fingerprints, retinal patterns, facial characteristics, or voice recordings.

Firewalls

Computers connected to communication networks, such as the Internet, are particularly

vulnerable to electronic attack because so many people have access to them. Using firewall

7
computers or software placed between the networked computers and the network can protect
these computers. The firewall examines, filters, and reports on all information passing through
the network to ensure its appropriateness. These functions help prevent saturation of input
capabilities that otherwise might deny usage to legitimate users, and they ensure that information
received from an outside source is expected and does not contain computer viruses.

Disaster Recovery Plans

Organizations and businesses that rely on computers need to institute disaster recovery plans that
are periodically tested and upgraded. This is because computers and storage components such as
diskettes or hard disks are easy to damage. A computer's memory can be erased or flooding, fire,
or other forms of destruction can damage the computer’s hardware. Computers, computer data,
and components should be installed in safe and locked facilities.

Anti-viral Tactics

 Preparation and Prevention

Computer users can prepare for a viral infection by creating backups of legitimate original
software and data files regularly so that the computer system can be restored if necessary. Viral
infection can be prevented by obtaining software from legitimate sources or by using a
quarantined computer to test new software—that is, a computer not connected to any network.
However, the best prevention may be the installation of current and well-designed antiviral
software. Such software can prevent a viral infection and thereby help stop its spread.

 Virus Detection

Several types of antiviral software can be used to detect the presence of a virus. Scanning
software can recognize the characteristics of a virus's computer code and look for these
characteristics in the computer's files. Because new viruses must be analyzed as they appear,
scanning software must be updated periodically to be effective. Other scanners search for
common features of viral programs and are usually less reliable. Most antiviral software uses
both on-demand and on-access scanners. On-demand scanners are launched only when the user

8
activates them. On-access scanners, on the other hand, are constantly monitoring the computer
for viruses but are always in the background and are not visible to the user. The on-access
scanners are seen as the proactive part of an antivirus package and the on-demand scanners are
seen as reactive. On-demand scanners usually detect a virus only after the infection has occurred
and that is why they are considered reactive.