SECURITY ISSUES

Prepared by Ashis Mitra For B. Com students

Four most common and damaging forms of security threats are: 1. Malicious codes 2. Hacking 3. Identity thefts 4. Denial of Service(DoS) Attacks

A computer programme is a sequence or symbols that are designed to achieve a desired functionality. The programe is termed malicious when their sequence of instructions are intentionally used to cause adverse effects to the system. Malicious codes are also called programmed threats.

 Malicious

code may be divided into two categories: 1. Need host programme It requires some actual application programme, utility or system programme to develop the malicious code (like virus, trojan horse) 2. Independent It is self-contained that can be scheduled and run by the operating system (like Worm).

Virus It is a code segment which replicates by attaching copies to existing executables. The following are necessary characteristics of a virus:
replication requires

a host program as a carrier by external action limited to (virtual)

activated

replication

Trojan Horse - a program which performs a useful function, but also performs an unexpected action as well. It is apparently a useful programme or command procedure containing hidden code that when invoked performs some unwanted or harmful function.

 Worm

- a program which replicates itself and causes execution of the new copy. A variation is Network Worm - a worm which copies itself to another system by using common network facilities, and causes execution of the copy on that system.

 The

following are necessary characteristics of a worm: replication self-contained; does not require a host activated by creating process (needs a multi-tasking system) for network worms, replication occurs across communication links

Spyware - Since 2003 or so, the most costly form of malware in terms of time and money spent in recovery has been the broad category known as Spyware. Spyware programs are commercially produced for the purpose of gathering information about computer users, showing them pop-up ads, or altering web-browser behavior for the financial benefit of the spyware creator. For instance, some spyware programs redirect search engines results to paid advertisements.

 Hacking

is an effort by an individual who intends to gain unauthorised access to a computer system. When hacking is done with a criminal intent it is called cracking. When hackers intentionally disrupt or destroy a Website, it is called cyber vandalism.

Identity thefts may be of two categories spoofing and sniffing. Spoofing It is a process adopted by a hacker to pretend to be someone what he or she is not or representing an Website as an original when it is fake. It may not directly damage a file but threatens the integrity or authenticity.

Sniffing
It

is a type of tapping or eavesdropping programme that monitors information travelling over a network. It can read e-mail messages and unencrypted Web client-server message traffic such as user log-ins, passwords.

 It

is to disrupt the normal computer processing or deny processing entirely. This attack causes the computer to slow down to an intolerably low speed. DoS attacks remove information altogether or delete information from a transmission or file.

A firewall is a barrier to keep destructive forces away from computer system. In fact, that's why its called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next. A firewall prevents certain outside connections from entering into the network. It traps inbound or outbound packets, analyses them, and then permits access or discards

A firewall usually has two network interfaces: one for the network being protected, and one for the outside network. It is placed on the junction point between two networks, usually a private network and a public network (such as the Internet).

Computer networks are generally designed to do one thing above all others: allow any computer connected to the network to freely exchange information with any other computer also connected to the same network. Once that network is connected to other networks where the trust relationships simply do not exist in the same way, then other mechanisms need to be put in place to provide adequate security by protecting resources on the trusted network from potential access by

 1. Network layer or Packet Filtering

firewalls - Packet Filtering firewalls are usually implemented as part of an internet router. A router is a device that receives packets from one network and forwards them to another network according to the packets destination IP address. Since a router is needed in order to connect to the internet in the first place, implementing a packet filtering at the router level affords a useful degree of security with no extra charge.

 2.

Application gateway or

proxy. An application gateway is a firewall system that uses the application layer information in order to filters packets. The main idea that stands behind an application gateway is not to allow direct connection between software running on an external host to the software of the internal network. The direct connection is broken into two separate connections.

In computer networking, DMZ is a firewall configuration for securing local area network or LAN. In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network like the Internet. One or more computers also run outside the firewall, in the DMZ. Those computers on the outside intercept traffic and broker requests for the rest of the LAN, adding an extra layer of protection for computers behind the firewall.

A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily

 Digital

Signature is based on cryptography. Public key cryptography employs an algorithm using two different but mathematically related keys one for creating a digital signature and another for verifying it.

Encryption is the coding of information by using a mathematically based programme and a secret key to produce a string of characters that is unintelligible without the key to decode it. So, in simplest term, encryption is the translation of data into a secret code. Encryption is the most effective way to achieve data security. Unencrypted data is called plain text; encrypted data is referred to as cipher text.

 Decryption

is the process of converting encrypted data back into its original form so that it can be understood. Correct decryption key is required to easily recover the content of an encrypted signal and that decryption key must be kept secret.

It provides assurance that the message has not been altered. (Message integrity) 2. It prevents the user from denying thsat he or she sent the message. (Non-repudiation) 3. It provides verification of the identity of the user sending the message. (Authentication) 4. It gives assurance that the message is not read by others. (Confidentiality)

1. Symmetric encryption It is a type of encryption where the same key is used to encrypt and decrypt the message. Symmetric encryption, also known as secret key encryption or private key encryption, uses a single numeric key to encode or decode data. So both the sender as well as receiver must use the same key to encrypt and decrypt a message.

2. Asymmetric encryption It encodes messages by using two mathematically related numeric keys. So, it is a cryptographic system that uses two keys - a public key known to everyone and a private or secret key known only to the recipient of the message. Public key is used to encrypt messages and the private key is used by the key owner to decrypt all messages received.