
Computer Hardware and Software Installation and Maintenance

Fundamentals of Security
OUTLINE
i. What is Security in Computing?
ii. Why Security is important
iii. LoJack
iv. Security threats
v. Viruses, worms, trojans, adware, spyware, and grayware
vi. Web security, spam, denial of service
vii. Social engineering
viii. TCP/IP attacks
SECURITY
Security refers to the state or quality of being protected from harm, danger, or unwanted threats. In a broad sense, security can apply to various contexts, including physical, financial, personal, and digital domains.

It involves implementing measures, protocols, and practices to mitigate risks and ensure safety, integrity, and confidentiality.
What is Security in Computing?
• Security in computing refers to the measures, practices, and technologies used to protect computer systems, networks, and data from unauthorized access, use, disclosure, disruption, modification, or destruction.

• It encompasses various aspects of safeguarding information and ensuring the confidentiality, integrity, and availability of computing resources.
Components of security in computing
• Access Control: This involves controlling who can access resources within a computing environment. Access control mechanisms include passwords, biometric authentication, access control lists (ACLs), and role-based access control (RBAC).

• Encryption: Encryption is the process of encoding data in such a way that only authorized parties can access it. It is used to protect sensitive information during transmission and storage. Encryption algorithms and protocols like AES (Advanced Encryption Standard) and SSL/TLS (Secure Sockets Layer/Transport Layer Security) are commonly employed.
Components of security in computing cont.
• Authentication: Authentication verifies the identity of users or systems attempting to access resources. This can be achieved through various methods such as passwords, multi-factor authentication (MFA), digital certificates, and biometric authentication.

• Firewalls: Firewalls are network security devices that monitor and control incoming and outgoing traffic based on predetermined security rules. They help prevent unauthorized access to or from private networks while allowing legitimate
Importance of Security
• Security is crucial in the digital age due to the increasing reliance on technology for various aspects of daily life and business operations.

Why security is important:

• Protection of sensitive information: Security measures safeguard sensitive data such as personal, financial, and proprietary information from unauthorized access or theft.

• Preservation of privacy: Security measures ensure the confidentiality of personal and confidential information, preventing unauthorized individuals or entities from accessing or exploiting it.
Importance of Security cont.
• Prevention of financial loss: Security helps prevent financial losses resulting from data breaches, identity theft, fraud, or cyberattacks targeting financial assets.

• Maintenance of trust and reputation: Strong security measures enhance trust and credibility among customers, clients, and partners, preserving the reputation and integrity of individuals and organizations.

• Compliance with regulations: Security measures are often necessary to comply with laws, regulations, and industry standards related to data protection and privacy.
LoJack
"LoJack" or "Computrace LoJack" refers to a software product that can be installed in the BIOS and, when enabled, can track and recover stolen laptops, desktops, and mobile devices. It is similar in concept to the vehicle recovery system, but it is aimed at the digital realm.

How it works

• Installation: LoJack software is installed on the device, often at the BIOS or firmware level, making it resistant to removal or tampering by thieves.

• Activation: If the device is stolen, the owner reports the theft to the LoJack service provider. The service provider then activates the tracking feature within the software.

• Tracking: Once activated, the software begins sending location information and other data to the LoJack service provider, allowing them to track the stolen device's whereabouts.

• Recovery: Law enforcement agencies can use the tracking data provided by LoJack to locate and recover the stolen device.
Security threats
Security threats encompass a wide range of malicious activities and vulnerabilities that can compromise the integrity, confidentiality, or availability of information and systems. Common security threats include:

• Malware (viruses, worms, trojans)
• Phishing attacks
• Denial-of-Service (DoS) attacks
• Insider threats
• Data breaches
• Social engineering attacks
• Advanced persistent threats (APTs)
• Ransomware
• Zero-day exploits
Definitions of various types of malware
• Viruses: Malicious software that replicates itself and spreads to other files or systems by attaching to host programs. Viruses can cause damage to files, disrupt system operations, and spread to other computers via infected files.

• Worms: Self-replicating malware that spreads across networks without requiring user interaction. Worms exploit vulnerabilities in network protocols or software to propagate and can cause significant damage by consuming network bandwidth or exploiting security vulnerabilities.

• Trojans: Malware disguised as legitimate software or files to deceive users into executing them. Trojans typically perform malicious actions such as stealing sensitive information,
Definitions of various types of malware cont.
• Adware: Software that displays unwanted advertisements or pop-ups to users, often bundled with legitimate software downloads. Adware may collect user data and degrade system performance.

• Spyware: Malware designed to secretly monitor and collect information about a user's activities without their consent. Spyware may track keystrokes, browsing habits, passwords, and sensitive information.

• Grayware: Potentially unwanted or undesirable software that exhibits behaviour similar to malware but may not meet the criteria for strict classification as malware. Examples include adware, spyware, and browser toolbars.


Definitions of various types of malware cont.
• Insider Threats: Insider threats refer to security risks posed by individuals within an organization, such as employees, contractors, or partners, who exploit their access privileges to intentionally or unintentionally compromise security. Insider threats can take various forms, including:

1. Unauthorized access to sensitive data or systems
2. Theft of intellectual property or confidential information
3. Sabotage of systems or data
4. Malicious activities motivated by financial gain, revenge, or ideology

Organizations mitigate insider threats through employee training, access controls, monitoring user activities, implementing least privilege principles, and fostering a culture of security awareness.
Definitions of various types of malware cont.

• Data breach: A data breach occurs when unauthorized individuals or entities gain access to sensitive or confidential information stored by an organization. Data breaches can result from various factors, including cyberattacks, insider threats, accidental exposure, or vulnerabilities in systems or applications. Consequences of data breaches may include:

1. Theft of personal or financial information
2. Compromised customer trust and reputation damage
3. Legal and regulatory penalties
4. Financial losses from remediation costs, lawsuits, and fines

Organizations mitigate data breaches by implementing robust security measures such as encryption, access controls, network monitoring, incident response plans, and compliance with data protection regulations.
Definitions of various types of malware cont.
• Social Engineering Attacks: Social engineering attacks exploit human psychology to manipulate individuals into divulging confidential information or performing actions that compromise security. Social engineering tactics include:

1. Phishing emails impersonating legitimate entities to trick users into disclosing passwords or sensitive information
2. Pretexting, where attackers create false scenarios to gain trust and extract information from victims
3. Baiting, enticing victims with promises of rewards or benefits to trick them into downloading malware or providing access credentials
4. Impersonation, where attackers pose as trusted individuals or authorities to deceive victims into complying with requests

Organizations combat social engineering attacks through employee training, implementing multi-factor authentication, conducting security awareness programs, and deploying email filtering and monitoring solutions.
Definitions of various types of malware cont.
• Advanced Persistent Threats (APTs): APTs are sophisticated and targeted cyberattacks orchestrated by highly skilled adversaries, such as nation-state actors, organized crime groups, or cyber espionage organizations. APTs aim to infiltrate networks, remain undetected for extended periods, and steal sensitive information or disrupt operations. Characteristics of APTs include:

1. Persistent and stealthy tactics to evade detection by security defences
2. Customized malware and advanced attack techniques tailored to specific targets
3. Long-term surveillance and reconnaissance activities to gather intelligence and identify vulnerabilities

Organizations defend against APTs by implementing advanced threat detection tools, conducting regular security assessments, segmenting networks, enforcing strict access controls, and fostering a cybersecurity culture.
Definitions of various types of malware cont.
• Ransomware: Ransomware is a type of malicious software that encrypts files or locks users out of their systems, demanding payment (usually in cryptocurrency) for decryption keys or to restore access. Ransomware attacks often propagate through phishing emails, malicious attachments, or exploit kits. Consequences of ransomware attacks include:

1. Data encryption or system lockdown, rendering files or systems inaccessible
2. Financial extortion and ransom demands
3. Operational disruption and downtime
4. Loss of data integrity and confidentiality


Definitions of various types of malware cont.
• Zero-day Exploits: Zero-day exploits take advantage of vulnerabilities in software or hardware that are unknown to the vendor and have no available patches or fixes. Attackers exploit zero-day vulnerabilities to launch targeted attacks before security vendors or developers can develop and distribute patches. Zero-day exploits pose significant risks because they leave systems vulnerable to exploitation until patches are released. Mitigation strategies for zero-day exploits include:

1. Intrusion detection and prevention systems to detect and block malicious activity
2. Vulnerability management programs to identify and prioritize patching of critical vulnerabilities
3. Application whitelisting and sandboxing to limit the impact of untrusted software
4. Security research and threat intelligence to stay informed about emerging threats and vulnerabilities
Web security, spam, and denial of service

• Web security: Web security involves protecting websites, web applications, and web services from various threats such as cyberattacks, data breaches, and unauthorized access. Measures include using secure coding practices, implementing firewalls, deploying SSL/TLS encryption, and regularly updating software to address vulnerabilities.

• Spam: Unsolicited or unwanted emails sent in bulk, often for commercial purposes or spreading malware. Spam can overload email servers, waste network bandwidth, and pose security risks if email attachments or links contain malware.

• Denial-of-Service (DoS) attacks: Attacks aimed at disrupting or disabling the availability of online services or networks by overwhelming them with excessive traffic or requests. DoS attacks can cause service outages, slow performance, and financial losses for targeted organizations.
Social Engineering
• Social engineering refers to psychological manipulation techniques used by attackers to deceive individuals or employees into divulging confidential information, performing actions, or compromising security controls. Examples of social engineering tactics include:
• Pretexting: This is when an attacker creates a fabricated scenario to engage a target in order to steal information. For example, someone might pretend to be from a bank and call a person, claiming there is an issue with their account, to get them to reveal sensitive information.
• Phishing Emails: Phishing emails are fraudulent emails that appear to be from legitimate sources. They often contain links to fake websites or ask for personal information like passwords or credit card numbers. The goal is to trick the recipient into providing sensitive information or installing malware.
• Impersonation: Impersonation involves pretending to be someone else, often to gain access to information or resources. This could be impersonating a co-worker, a customer, or even a superior to manipulate others into providing information or performing certain actions.
• Baiting: Baiting involves enticing victims with something appealing, such as a free movie download or a USB drive labelled "Confidential," which actually contains malware. The attacker relies on the victim's curiosity or desire for a reward to trick them into taking an action that compromises security.
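The two phishing tells named on this slide and on the earlier social engineering slide (mail that "appears to be from legitimate sources" and "links to fake websites") can be checked mechanically during mail triage. The script below is an added example, not part of the slides: it parses a message constructed inline with reserved .test domains and reports a Reply-To domain that differs from the From domain, and anchor text that displays one host while the href points at another.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real e-mail): the visible link text and the
# display name claim one domain while the headers and href use another.
SAMPLE_EMAIL = """\
From: "Example Bank Support" <alerts@examp1e-bank-login.test>
Reply-To: verify@mail-check.test
Content-Type: text/html

<p>Please confirm your details at
<a href="http://examp1e-bank-login.test/verify">https://www.example-bank.test/login</a></p>
"""

def host_of(url_or_addr):
    """Lowercase host of a URL, or the domain part of an e-mail address."""
    if "@" in url_or_addr and "://" not in url_or_addr:
        return url_or_addr.rsplit("@", 1)[1].lower()
    return (urlparse(url_or_addr).hostname or "").lower()

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_indicators(raw_message):
    """Return the mismatches found: Reply-To vs From domain, link text vs href host."""
    msg = message_from_string(raw_message)
    from_host = host_of(parseaddr(msg.get("From", ""))[1])
    reply_host = host_of(parseaddr(msg.get("Reply-To", ""))[1])
    found = []
    if reply_host and reply_host != from_host:
        found.append(f"Reply-To domain {reply_host} differs from From domain {from_host}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # single-part text/html body in this sample
    for href, text in collector.links:
        if "://" in text and host_of(text) != host_of(href):
            found.append(f"link text shows {host_of(text)} but href goes to {host_of(href)}")
    return found
```

Running `phishing_indicators(SAMPLE_EMAIL)` yields two indicators for the constructed message; a mail whose link text, href and headers all agree yields none.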
TCP/IP attacks
• TCP/IP attacks: TCP/IP attacks target vulnerabilities in the TCP/IP protocol suite, which governs how data is transmitted across networks. Common TCP/IP attacks include:

1. IP spoofing: Manipulating the source IP address in network packets to impersonate a trusted entity or evade security controls.

2. Packet sniffing: Capturing and analysing network traffic to eavesdrop on sensitive information such as usernames, passwords, and data packets.

3. TCP SYN flooding: Exploiting vulnerabilities in the TCP three-way handshake process to flood a target server with excessive SYN requests, overwhelming its resources and causing a denial of service.

4. TCP session hijacking: Intercepting and taking control of an ongoing TCP session between a client and server to eavesdrop on or manipulate data exchanges.
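A SYN flood leaves its footprint in the server's own connection table as a pile of half-open (SYN-RECV) sockets, which is what a defender looks for. The following script is an added example, not from the slides: it reads connection-table lines laid out like the output of `ss -tan` (the sample is constructed inline, using documentation address ranges) and flags a listener whose half-open sockets dominate the table. Because the source addresses of a flood are commonly spoofed (item 1 above), the decision rests on the listener's totals rather than on any single peer.

```python
from collections import Counter, defaultdict

# Constructed connection-table lines in the column layout of `ss -tan`
# (State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port).
# Not captured from a real host; 192.0.2.x peers stand in for spoofed sources.
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB      0      0      10.0.0.5:443        198.51.100.7:51522
ESTAB      0      0      10.0.0.5:443        203.0.113.9:40211
SYN-RECV   0      0      10.0.0.5:443        192.0.2.10:1025
SYN-RECV   0      0      10.0.0.5:443        192.0.2.11:1026
SYN-RECV   0      0      10.0.0.5:443        192.0.2.12:1027
SYN-RECV   0      0      10.0.0.5:443        192.0.2.13:1028
SYN-RECV   0      0      10.0.0.5:443        192.0.2.14:1029
SYN-RECV   0      0      10.0.0.5:443        192.0.2.15:1030
SYN-RECV   0      0      10.0.0.5:443        192.0.2.16:1031
SYN-RECV   0      0      10.0.0.5:443        192.0.2.17:1032
"""

def parse_connections(text):
    """Yield (state, local, peer) for each data row; the header row is skipped."""
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 5:
            yield fields[0], fields[3], fields[4]

def half_open_summary(text):
    """Total rows, SYN-RECV count per local listener, and the peer IPs behind them."""
    total, half_open, peers = 0, Counter(), defaultdict(set)
    for state, local, peer in parse_connections(text):
        total += 1
        if state == "SYN-RECV":
            half_open[local] += 1
            peers[local].add(peer.rsplit(":", 1)[0])  # strip the peer port
    return total, half_open, peers

def syn_flood_suspected(text, min_half_open=5, max_ratio=0.5):
    """Flag listeners holding at least min_half_open SYN-RECV sockets that also make
    up more than max_ratio of the whole table. Distinct peer count is reported
    only as context, since spoofing makes per-source thresholds unreliable."""
    total, half_open, peers = half_open_summary(text)
    suspects = {}
    for local, count in half_open.items():
        if count >= min_half_open and count / total > max_ratio:
            suspects[local] = {"half_open": count, "distinct_peers": len(peers[local])}
    return suspects
```

The thresholds are starting points for a tuning exercise, not fixed rules: a busy listener may legitimately carry some half-open sockets, so the ratio matters more than the raw count.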
THANK YOU.
