Computer, Data, Information, Network Security: Introduction and Security Threats
Data security is the means of ensuring that data is kept safe from corruption and that access to it
is suitably controlled. Thus data security helps to ensure privacy. It also helps in protecting
personal data. Data security technologies are:
• Disk encryption
• Hardware-based mechanisms for protecting data
• Backups
• Data masking
• Data erasure
Information Security means protecting information and information systems from unauthorized
access, use, disclosure, disruption, modification or destruction.
"Network security" refers to any activity designed to protect the usability and integrity of your
network and data. It includes both hardware and software technologies. Effective network security
manages access to the network. It targets a variety of threats and stops them from entering or
spreading on your network.
The terms information security, computer security and information assurance are frequently, and
incorrectly, used interchangeably. These fields are often interrelated and share the common goals
of protecting the confidentiality, integrity and availability of information; however, there are some
subtle differences between them.
2. Threats to Security
2.1 Viruses: A computer virus is a piece of software that can “infect” other programs by modifying
them:
• The modification includes injecting the original program with a routine to make copies of
the virus program, which can then go on to infect other programs.
• A computer virus carries in its instructional code the recipe for making perfect copies of
itself.
pg. 1
Computer Network Security Chapter 1: Introduction and Security Threats
Trigger:
• The event or condition that determines when the payload is activated or delivered.
Payload:
• What the virus does, besides spreading.
• The payload may involve damage or may involve benign but noticeable activity.
During its lifetime, a typical virus goes through the following four phases:
Dormant phase:
• The virus is idle.
• The virus will eventually be activated by some event, such as a date, the presence of another
program or file, or the capacity of the disk exceeding some limit.
• Not all viruses have this stage.
Propagation phase:
• The virus places an identical copy of itself into other programs or into certain system areas
on the disk.
• Each infected program will now contain a clone of the virus, which will itself enter a
propagation phase.
Triggering phase:
• The virus is activated to perform the function for which it was intended.
• As with the dormant phase, the triggering phase can be caused by a variety of system events,
including a count of the number of times that this copy of the virus has made copies of
itself.
Execution phase:
• The function is performed.
• The function may be harmless, such as a message on the screen, or damaging, such as the
destruction of programs and data files.
2.2 Worm: A worm is a program that can replicate itself and send copies from computer to computer
across network connections.
• Upon arrival, the worm may be activated to replicate and propagate again.
• In addition to propagation, the worm usually performs some unwanted function.
• An e-mail virus has some of the characteristics of a worm because it propagates itself from
system to system.
A worm actively seeks out more machines to infect and each machine that is infected serves as an
automated launching pad for attacks on other machines.
2.3 Intruders: An intruder is a person who attempts to gain unauthorized access to a system, to
damage that system, or to disturb data on that system. In summary, this person attempts to
violate security by interfering with system availability, data integrity or data confidentiality.
Three main classes of intruders:
Masquerader: An individual who is not authorized to use the computer and who penetrates a
system’s access controls to exploit a legitimate user’s account
Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is
not authorized, or who is authorized for such access but misuses his or her privileges
Clandestine user: An individual who seizes supervisory control of the system and uses this
control to evade auditing and access controls or to suppress audit collection.
2.4 Insiders:
• An Insider threat is a malicious threat to an organization that comes from people within the
organization, such as employees, former employees, contractors or business associates, who
have inside information concerning the organization's security practices, data and computer
systems.
• The threat may involve fraud or the theft of confidential or commercially valuable information.
• Insiders are more dangerous than outside intruders.
• They have the access and knowledge necessary to cause immediate damage to an organization.
• Most security is designed to protect against outside intruders and thus lies at the
boundary between the organization and the rest of the world.
• Besides employees, insiders also include a number of other individuals who have
physical access
INTRUDERS | INSIDERS
Intruders are authorized or unauthorized users who are trying to access the system or network. | Insiders are authorized users who try to access a system or network for which they are not authorized.
Intruders are hackers or crackers. | Insiders are not hackers.
Intruders are illegal users. | Insiders are legal users.
Intruders are less dangerous than insiders. | Insiders are more dangerous than intruders.
Intruders do not have access to the system. | Insiders have easy access to the system because they are authorized users.
Many security mechanisms are used to protect the system from intruders. | There is no such mechanism to protect the system from insiders.
5. Avenue of Attack
There are two general reasons a particular computer system is attacked: either it is specifically
targeted by the attacker, or it is an opportunistic target. In the first case, the attacker has chosen
the target not because of the hardware or software the organization is running but for another
reason, perhaps a political reason. An example of this type of attack would be an individual in one
country attacking a government system in another. The second type of attack, an attack against a target
of opportunity, is conducted against a site that runs software vulnerable to a specific exploit.
7. Security Basics
When we talk about computer security, we mean that we are addressing three important aspects of
any computer-related system: confidentiality, integrity, and availability.
Confidentiality ensures that computer-related assets are accessed only by authorized
parties. That is, only those who should have access to something will actually get that
access. By "access," we mean not only reading but also viewing, printing, or simply
knowing that a particular asset exists. Confidentiality is sometimes called secrecy or
privacy.
Integrity means that assets can be modified only by authorized parties or only in authorized ways.
In this context, modification includes writing, changing, changing status, deleting, and creating.
Availability means that assets are accessible to authorized parties at appropriate times. In other
words, if some person or system has legitimate access to a particular set of objects, that access
should not be prevented.
[Figure: Relationship between confidentiality, integrity, and availability.]
8. Active and Passive Attacks
The main aim of a security system is to detect and prevent such security attacks. Security attacks
are classified as passive attacks and active attacks.
Passive Attacks: A passive attack is a read-only attack in which the attacker is usually interested
only in gathering information, without disrupting the computer system’s operations and services.
A passive attack usually involves monitoring and analysis of data transmissions to gain some
meaningful information from them. One form of passive attack reads message contents directly, such as
e-mails or sensitive files containing confidential information.
Another form of passive attack is traffic analysis, where raw data is studied and analyzed to deduce
interesting patterns from it. For example, an attacker who studies the data traffic rate of a victim
can deduce the peak time of data transfer, when a disruption of the victim's operations would have the
most effect.
Since passive attacks are silent in nature and show no immediate and visible signs of attack, they
are very difficult to detect.
Active Attacks: These involve alteration of data or disruption of the normal working of a system. Active
attacks are usually made by masquerading the attacker's identity as someone else's, either to gain
extra privileges or to shield the attacker when the attack is detected. IP masquerading is one widely
used technique for active attacks.
Flood a computer or the entire network with traffic until a shutdown occurs because of the
overload.
Block traffic, which results in a loss of access to network resources by authorized users.
9.5 Spoofing
Spoofing is nothing more than making data look like it has come from a different source. This is
possible in TCP/IP because of the friendly assumptions behind the protocols.
When the protocols were developed, it was assumed that individuals who had access to the network
layer would be privileged users who could be trusted. When a packet is sent from one system to
another, it includes not only the destination IP address and port but the source IP address as well.
You are supposed to fill in the source with your own address, but there is nothing that stops you
from filling in another system’s address. This is one of the several forms of spoofing.
1. Spoofing E-Mail
2. IP address Spoofing
3. Spoofing and Trusted Relationships
4. Spoofing and Sequence Numbers
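The point above is that nothing in the packet format itself stops a sender from writing another system's address into the source field; the check has to be done by the network. The following added example (not from these notes) decodes the source address from a raw IPv4 header and applies an anti-spoofing ingress rule: packets arriving on an internal interface must carry a source from that interface's prefixes, and packets arriving on the uplink must not claim an internal or non-routable source. The policy, interface names and sample headers are all constructed for the example.

```python
import ipaddress
import struct

# Anti-spoofing ingress policy, assumed for this example (it is not in the notes):
# a packet arriving on an internal interface must carry a source inside that
# interface's prefixes; a packet arriving on the uplink must not claim an internal
# or non-routable source. The sample headers at the bottom are constructed.
POLICY = {"lan": ["10.0.0.0/8"], "wan": []}  # an empty list marks the uplink
BOGONS = ["0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header and return the fields the filter needs."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _length, _ident, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) * 4 < 20:
        raise ValueError("not an IPv4 header")
    return {"ttl": ttl, "protocol": proto,
            "src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst)}


def ingress_filter(packet: bytes, iface: str, policy: dict = POLICY) -> str:
    """Return 'ACCEPT' or 'DROP' for a packet that arrived on the named interface."""
    src = parse_ipv4_header(packet)["src"]
    own = [ipaddress.ip_network(p) for p in policy[iface]]
    if own:  # internal interface: the source must belong to it
        return "ACCEPT" if any(src in net for net in own) else "DROP"
    # uplink: refuse sources that belong to any internal interface or to a bogon range
    claimed = [ipaddress.ip_network(p) for name, prefixes in policy.items()
               if name != iface for p in prefixes]
    if any(src in net for net in claimed + [ipaddress.ip_network(b) for b in BOGONS]):
        return "DROP"
    return "ACCEPT"


# Constructed 20-byte headers: 0x45, TOS 0, total length 20, no fragmentation,
# TTL 64, protocol 6 (TCP), checksum left at zero, then source and destination.
HDR = "450000140000000040060000"
LAN_TO_WAN = bytes.fromhex(HDR + "0a000005" + "cb007109")     # 10.0.0.5 -> 203.0.113.9
WAN_TO_LAN = bytes.fromhex(HDR + "c6336404" + "0a000005")     # 198.51.100.4 -> 10.0.0.5
FORGED_ON_WAN = bytes.fromhex(HDR + "0a000005" + "0a000007")  # claims 10.0.0.5 from outside
```

The forged header is indistinguishable from a genuine one by content alone; only the interface it arrived on reveals the lie, which is why the rule is applied per interface.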
House. The www.whitehouse.com URL takes you to a pornographic site. In this case, nobody is
likely to take the pornographic site to be the official government site, and it was not intended to be
taken that way. If, however, the attackers made their spoofed site appear similar to the official one,
they could easily convince many viewers that they were at the official site.
attacks tend to use schemes involving spoofed e-mails sent to users that lead them to malware-
infected websites designed to look like real on-line banking websites. E-mails received by users will
in most cases look authentic, as if sent from sources known to the user (very often with the
appropriate company logo and localized information); those e-mails will contain a direct request to
verify some account information, credentials or credit card numbers by following the provided link
and confirming the information on-line. The request will be accompanied by a threat that the account
may be disabled or suspended if the mentioned details are not verified by the user.
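The three traits described above (a familiar-looking sender, a link to a site that only imitates the real one, and a verify-or-be-suspended threat) can each be turned into a check on an incoming message. The following added example (not part of these notes) scores a raw e-mail against those traits using only the Python standard library; the sender names, hosts and message text are constructed.

```python
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristics taken from the description above: an envelope sender that does not match
# the From header, a link that leaves the sender's domain or hides its real target
# behind familiar-looking text, and "verify or be suspended" wording.
URGENCY = re.compile(r"\b(verify|suspend(ed)?|disabled|locked)\b", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain_of(addr_or_url: str) -> str:
    """Host of an e-mail address or URL, lower-cased ('' if none)."""
    if "@" in addr_or_url:
        return addr_or_url.rsplit("@", 1)[1].lower()
    return (urlparse(addr_or_url).hostname or "").lower()

def phishing_indicators(raw: str) -> list[str]:
    """Return the indicators found in one raw message; an empty list means nothing matched."""
    msg = email.message_from_string(raw)
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    rp_dom = domain_of(parseaddr(msg.get("Return-Path", ""))[1])
    found = [f"envelope sender {rp_dom} differs from From {from_dom}"] if rp_dom and rp_dom != from_dom else []
    body = msg.get_payload(decode=True).decode(errors="replace")
    links = LinkCollector()
    links.feed(body)
    for href, text in links.links:
        h_dom = domain_of(href)
        if h_dom and h_dom != from_dom and not h_dom.endswith("." + from_dom):
            found.append(f"link leaves sender domain: {h_dom}")
        if text.startswith("http") and domain_of(text) != h_dom:
            found.append(f"link text shows {domain_of(text)} but targets {h_dom}")
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        found.append("verify-or-be-suspended language present")
    return found

# Constructed lure: familiar bank sender, mismatched envelope, a look-alike link host, a threat.
SAMPLE = """From: "Example Bank" <support@examplebank.example>
Return-Path: <bounce@mail-relay.example>
Subject: Urgent: verify your account
Content-Type: text/html

<p>Your account will be suspended unless you verify your card details.</p>
<a href="http://examplebank.example.lookalike.example/verify">https://examplebank.example/login</a>
"""
```

Any single indicator can occur in legitimate mail (many companies send through a relay), so in practice the count is used as a score rather than a verdict.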
In order to replicate itself, a virus must be permitted to execute code and write to memory. For this
reason, many viruses attach themselves to executable files that may be part of legitimate programs
(code injection). If a user attempts to launch an infected program, the virus' code may be executed
simultaneously. Viruses can be divided into two types based on their behavior when they are
executed:
Nonresident viruses
Nonresident viruses can be thought of as consisting of a finder module and a replication module.
The finder module is responsible for finding new files to infect. For each new executable file the
finder module encounters, it calls the replication module to infect that file.
Resident viruses
Resident viruses contain a replication module that is similar to the one that is employed by
nonresident viruses. This module, however, is not called by a finder module. The virus loads the
replication module into memory when it is executed instead and ensures that this module is
executed each time the operating system is called to perform a certain operation. The replication
module can be called, for example, each time the operating system executes a file. In this case the
virus infects every suitable program that is executed on the computer.
A computer virus is a harmful software program written intentionally to enter a computer without
the user's permission or knowledge. It has the ability to replicate itself, thus continuing to spread.
Some viruses do little but replicate, while others can cause severe harm or adversely affect the
programs and performance of the system. A virus should never be assumed harmless and left on a
system.
There are different types of viruses, which can be classified according to their origin, techniques,
the types of files they infect, where they hide, the kind of damage they cause, or the type of operating
system or platform they attack. Let us have a look at a few of them.
However, this type of virus has minimal effect on the computer's performance.
Overwrite Viruses
A virus of this kind is characterized by the fact that it deletes the information contained in the files
that it infects, rendering them partially or totally useless once they have been infected. The virus
replaces the file content. However, it does not change the file size.
Examples: Way, Trj.Reboot, Trivial.88.D. For protection, the only way to clean a file infected by
an overwrite virus is to delete the file completely, thus losing the original content. However, it is
very easy to detect this type of virus, as the original program becomes useless.
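Because an overwrite virus leaves the file size unchanged, a check that compares only sizes against a baseline will not notice it; a content hash will. The following added example (not from these notes) records a size-and-SHA-256 baseline for a directory and reports which files changed, distinguishing the size-preserving overwrite pattern from other modifications. The file names and contents are constructed in a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path

# Integrity baseline written for this example: record (size, sha256) per file, then
# compare. A size-only comparison misses a same-length overwrite; the hash does not.


def baseline(root: Path) -> dict[str, tuple[int, str]]:
    """Map relative path -> (size, sha256 hex) for every regular file under root."""
    entries = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            entries[str(path.relative_to(root))] = (len(data), hashlib.sha256(data).hexdigest())
    return entries


def verify(root: Path, expected: dict[str, tuple[int, str]]) -> dict[str, str]:
    """Return {relative path: finding} for files that changed, vanished, or appeared."""
    current = baseline(root)
    findings = {}
    for rel, (size, digest) in expected.items():
        if rel not in current:
            findings[rel] = "missing"
        elif current[rel][1] != digest:
            if current[rel][0] == size:
                findings[rel] = "content changed, size unchanged (overwrite pattern)"
            else:
                findings[rel] = "content changed, size changed"
    for rel in current.keys() - expected.keys():
        findings[rel] = "new file"
    return findings


def demo() -> dict[str, str]:
    """Constructed scenario: one program overwritten in place with same-length bytes,
    one untouched, and one unexpected file dropped into the directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "calc.exe").write_bytes(b"MZ real calculator code")
        (root / "edit.exe").write_bytes(b"MZ real editor code")
        snapshot = baseline(root)
        original = (root / "calc.exe").read_bytes()
        (root / "calc.exe").write_bytes(b"X" * len(original))  # same size, new content
        (root / "extra.com").write_bytes(b"unexpected file")
        return verify(root, snapshot)
```

A real deployment stores the baseline somewhere the checked system cannot alter it, otherwise the same infection can rewrite the baseline too.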
Macro Virus
Macro viruses infect files that are created using certain applications or programs that contain
macros, like .doc, .xls, .pps, .mdb, etc. These mini-programs make it possible to automate a series
of operations so that they are performed as a single action, thereby saving the user from having to
carry them out one by one. These viruses automatically infect the file that contains macros, and
also infect the templates and documents that the file contains. It is referred to as a type of e-mail
virus. These hide in documents that are shared via e-mail or networks. Examples: Relax, Melissa.A,
Bablas, O97M/Y2K. The best protection technique is to avoid opening e-mails from unknown
senders. Also, disabling macros can help to protect your useful data.
Directory Virus
Directory viruses (also called cluster viruses or file system viruses) infect the directory of your
computer by changing the path that indicates the location of a file. When you execute a program
file with the extension .EXE or .COM that has been infected by such a virus, you are unknowingly
running the virus program, while the original file has already been moved by the virus.
Once infected, it becomes impossible to locate the original files. The virus is usually located in only
one location on the disk, but infects every program in the directory. Example: Dir-2 virus. For
protection, all you can do is format the disk and then reinstall the infected files from the backup.
Polymorphic Virus
Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms
and encryption keys) every time they infect a system. This makes it impossible for antivirus
software to find them using string or signature searches (because they are different in each
encryption). The virus then goes on to create a large number of copies. Examples: Elkern, Marburg,
Satan Bug and Tuareg. For protection, install a high-end antivirus, as ordinary ones are incapable of
detecting this type of virus.
Companion Viruses
Companion viruses can be considered as a type of file infector virus, like resident or direct action
types. They are known as companion viruses because once they get into the system they
'accompany' the other files that already exist. In other words, to carry out their infection routines,
companion viruses can wait in memory until a program is run (resident virus), or act immediately
by making copies of themselves (direct action virus).
Hideout: These generally use the same filename and create a file with a different extension. For example,
if there is a file "Me.exe", the virus creates another file named "Me.com" and hides in the new file.
When the system calls the filename "Me", the ".com" file gets executed (as ".com" has higher
priority than ".exe"), thus infecting the system.
Examples: Stator, Asimov.1539 and Terrax.1069. For protection, install an antivirus scanner and
also a firewall.
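The hideout described above leaves a visible trace: a directory in which the same base name exists with more than one executable extension, where the file that wins the lookup is newer than the one it shadows. The following added example (not from these notes) scans a directory for that pattern, using the .COM-before-.EXE order stated above as the only resolution rule (an assumption; real command interpreters consult a longer list). The directory contents are constructed.

```python
import os
import tempfile
import time
from pathlib import Path

# Resolution order the notes describe for a bare program name: .COM runs before .EXE.
# Assumed here as the only rule; this check is written for the example, not taken from
# the notes or from any particular antivirus product.
PRIORITY = [".com", ".exe"]


def companion_candidates(directory: Path) -> list[dict]:
    """Return one record per base name that has two or more executables competing for it."""
    by_stem: dict[str, list[Path]] = {}
    for path in directory.iterdir():
        if path.is_file() and path.suffix.lower() in PRIORITY:
            by_stem.setdefault(path.stem.lower(), []).append(path)
    report = []
    for stem, paths in sorted(by_stem.items()):
        if len(paths) < 2:
            continue
        paths.sort(key=lambda p: PRIORITY.index(p.suffix.lower()))
        winner, shadowed = paths[0], paths[1:]
        # The winner appearing after the file it shadows is the classic companion pattern.
        suspicious = winner.stat().st_mtime > max(p.stat().st_mtime for p in shadowed)
        report.append({"name": stem, "runs": winner.name,
                       "shadows": [p.name for p in shadowed], "suspicious": suspicious})
    return report


def demo() -> list[dict]:
    """Constructed directory: Me.exe dated a week ago, Me.com that turned up today,
    and an unrelated program with no companion."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Me.exe").write_bytes(b"MZ original program")
        (root / "Me.com").write_bytes(b"companion file")
        (root / "Other.exe").write_bytes(b"MZ unrelated program")
        week_ago = time.time() - 7 * 86400
        os.utime(root / "Me.exe", (week_ago, week_ago))
        return companion_candidates(root)
```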
FAT Virus
The file allocation table (FAT) is the part of a disk used to store all the information about the
location of files, available space, unusable space, etc. A FAT virus attacks the FAT section and may
damage crucial information. It can be especially dangerous as it prevents access to certain sections
of the disk where important files are stored. The damage caused can result in loss of information from
individual files or even entire directories.
Example: Link Virus. Before the virus attacks all the files on the computer, locate all the files that
are actually needed on the hard drive, and then delete the ones that are not needed, as they may be
files created by viruses.
Multipartite Virus
These viruses spread in multiple ways. Their action may vary depending on the operating system
installed and the presence of certain files. In the initial phase, these viruses tend to hide in memory
as resident viruses do; then they infect the hard disk. Examples: Invader, Flip and Tequila. You need
to clean the boot sector and also the disk to get rid of the virus, and then reload all the data onto it.
However, ensure that the data is clean.
Logic Bombs
Logic bombs are small programs or sections of a program triggered by some event such as a certain
date or time, a certain percentage of disk space filled, the removal of a file, and so on. For example,
a programmer could establish a logic bomb to delete critical sections of code if he/she is terminated
from the company. Logic bombs are most commonly installed by insiders with access to the
system. Logic bombs go undetected until launched; the results can be destructive, and your entire
data can be deleted!