• Computer Security: The application of hardware, firmware and software security features to a computer system in order to protect against, or prevent, the unauthorized disclosure, manipulation, or deletion of information.
It means:
o To prevent theft of or damage to the hardware.
o To prevent theft of or damage to the information.
o To prevent disruption of service.
• Information Security: The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional.
• Network Security: Protection of networks and their services from unauthorized modification, destruction, or disclosure. It provides assurance that the network performs its critical functions correctly and that there are no harmful side-effects.
Threats to Security
1. Viruses: A computer virus is a piece of software that can “infect” other programs by modifying them.
• The modification includes injecting the original program with a routine to make copies of the virus program, which can then go on to infect other programs.
A computer virus carries in its instructional code the recipe for making perfect copies of itself.
• The typical virus becomes embedded in a program on a computer.
• Then, whenever the infected computer comes into contact with an uninfected piece of software, a fresh copy of the virus passes into the new program.
A computer virus has three parts:
(i) Infection mechanism:
• The means by which a virus spreads, enabling it to replicate.
• The mechanism is also referred to as the infection vector.
(ii) Trigger:
• The event or condition that determines when the payload is activated or delivered.
(iii) Payload:
• What the virus does, besides spreading.
• The payload may involve damage or may involve benign but noticeable activity.
During its lifetime, a typical virus goes through the following four phases:
(i) Dormant phase:
• The virus is idle.
• The virus will eventually be activated by some event, such as a date, the presence of another program or file, or the capacity of the disk exceeding some limit.
• Not all viruses have this stage.
(ii) Propagation phase:
• The virus places an identical copy of itself into other programs or into certain system areas on the disk.
• Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.
(iii) Triggering phase:
• The virus is activated to perform the function for which it was intended.
• As with the dormant phase, the triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself.
(iv) Execution phase:
• The function is performed.
• The function may be harmless, such as a message on the screen, or damaging, such as the destruction of programs and data files.
Most viruses carry out their work in a manner that is specific to a particular operating system and, in some cases, specific to a particular hardware platform.
• Thus, they are designed to take advantage of the details and weaknesses of particular systems.
2. Worm: A program that can replicate itself and send copies from computer to computer across network connections.
• Upon arrival, the worm may be activated to replicate and propagate again.
In addition to propagation, the worm usually performs some unwanted function.
• An e-mail virus has some of the characteristics of a worm because it propagates itself from system to system.
• However, we can still classify it as a virus because it uses a document modified to contain viral macro content and requires human action.
A worm actively seeks out more machines to infect, and each machine that is infected serves as an automated launching pad for attacks on other machines.
3. Intruders: An intruder is a person who attempts to gain unauthorized access to a system, to damage that system, or to disturb data on that system.
In summary, this person attempts to violate security by interfering with system availability, data integrity or data confidentiality.
• Three main classes of intruders:
i. Masquerader:
• An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account.
ii. Misfeasor:
• A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges.
iii. Clandestine user:
• An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection.
4. Insiders:
§ An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems.
§ The threat may involve fraud or the theft of confidential or commercially valuable information.
§ Insiders are more dangerous than outside intruders.
§ They have the access and knowledge necessary to cause immediate damage to an organization.
- Most security is designed to protect against outside intruders and thus lies at the boundary between the organization and the rest of the world.
- Besides employees, insiders also include a number of other individuals who have physical access to facilities.
6. Terrorists and Information warfare:
§ Many countries have already developed a capability to conduct information warfare.
§ Information warfare is the offensive and defensive use of information and information systems to deny, exploit, corrupt, or destroy an adversary's information, information-based processes, information systems, and computer-based networks while protecting one's own. Such actions are designed to achieve advantages over military or business adversaries.
§ Terrorist organizations can also conduct information warfare.
§ A cyber-terrorist is a criminal who uses computer technology and the internet, especially to cause fear and disruption. Some cyber-terrorists spread computer viruses and others threaten people electronically.
§ Terrorist organizations are highly structured threats that:
o Are willing to conduct long-term operations.
o Have tremendous financial support.
o Have a large and organized group of attackers.
Criminal Organizations:
§ "Criminal organization" is a term for transnational, national, or local groupings of highly centralized enterprises run by criminals who intend to engage in illegal activity, most commonly for monetary profit. Some criminal organizations, such as terrorist organizations, are politically motivated. Sometimes criminal organizations force people to do business with them, as when a gang extorts money from shopkeepers for so-called "protection". Gangs may become disciplined enough to be considered organized. An organized gang or criminal set can also be referred to as a mob.
§ Other organizations—including states, militaries, police forces, and corporations—may sometimes use organized crime methods to conduct their business, but their powers derive from their status as formal social institutions.
§ A difference between criminal groups and the “average” hacker is the level of organization that criminal elements may employ in their attack.
Security basics:
• Three key objectives are at the heart of computer security:
– Confidentiality
– Integrity
– Availability
Confidentiality: Covers two related concepts:
— Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
— Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
Integrity: Also covers two related concepts:
— Data integrity: Assures that information and programs are changed only in a specified and authorized manner.
— System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Availability: Assures that systems work promptly and service is not denied to authorized users.
Authenticity:
• The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.
• This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.
Accountability:
• The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.
• This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.
Ø PHISHING ATTACK:
· This type of attack uses social engineering techniques to steal confidential information. The most common targets of such attacks are the victim's banking account details and credentials.
· Phishing attacks tend to use schemes involving spoofed emails sent to users that lead them to malware-infected websites designed to appear as real on-line banking websites.
· Emails received by users will in most cases look authentic and appear to be sent from sources known to the user (very often with the appropriate company logo and localised information). Those emails will contain a direct request to verify some account information, credentials or credit card numbers by following the provided link and confirming the information on-line.
· The request will be accompanied by a threat that the account may become disabled or suspended if the mentioned details are not verified by the user.
Summary:
· In a phishing attack, the hacker creates a fake web site that looks exactly like a popular site. The phishing part of the attack is that the hacker then sends an e-mail message trying to trick the user into clicking a link that leads to the fake site.
· When the user attempts to log on with their account information, the hacker records the username and password and then tries that information on the real site.
Types of Phishing Attacks
1. Social Phishing - In recent years phishing techniques have evolved to include social media such as Facebook or Twitter; this type of phishing is often called Social Phishing.
2. Spear Phishing Attack - This is a type of phishing attack targeted at specific individuals, groups of individuals or companies. Spear phishing attacks are performed mostly with the primary purpose of industrial espionage and theft of sensitive information, while ordinary phishing attacks are directed against the wide public with the intent of financial fraud.
Ø SQL Injection
· The point of the hack is not just to get information from the target site. Depending on the intention of the malicious hooligans attacking you, it can include bypassing logins, accessing data as in the Yahoo! case, modifying the content of a website (as when hackers replace the website with a new front page), or simply shutting down the server.
· Step one of the attack is to scan sites to see if a vulnerability exists. Believe it or not, a hacker's best friend is Google. Employing Google Dork, a hacker is able to search for vulnerabilities using Google tricks.
· After a site is identified, a hacker will attempt to gain a foothold and search for files containing usernames and directories that are known to contain sensitive data.
· The attack is opportunistic and does not take a lot of research or a large team to pull off.
· SQL injection is the actual injection of SQL commands into web applications through user input fields.
· When an application uses internal SQL commands and also accepts user input (like a login screen), SQL commands can be injected that can create, read, update, or delete any data available to the application.
SQL Injection Prevention
You can put tight constraints on user inputs. But the best method of preventing SQL injection is to avoid the use of dynamically generated SQL in your code. Instead use stored or canned procedures.
And then again, run a scan to make sure your application is not vulnerable to SQL injections.
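The difference between dynamically generated SQL and a fixed statement with bound input, as an added example that is not part of the original notes. It uses Python's sqlite3 with a constructed users table; SQLite has no stored procedures, so a parameterized query stands in for the stored or canned procedure, and the function names and username pattern are assumptions.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: one account in an in-memory database.
    The password is stored in plaintext only to keep the demo short."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_dynamic(db, username, password):
    """Vulnerable: the SQL text itself is assembled from user input."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, username, password):
    """Fixed SQL text; the input is bound as data and never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

# Assumed input constraint: short usernames from a small character set.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def login_hardened(db, username, password):
    """Tight input constraint first, then the parameterized query."""
    if not USERNAME_RE.fullmatch(username):
        return False
    return login_parameterized(db, username, password)

# Constructed input: the quote closes the string literal and the OR clause
# makes the WHERE condition true for every row.
INJECTED = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for fn in (login_dynamic, login_parameterized, login_hardened):
        print(fn.__name__, fn(db, "alice", "s3cret"), fn(db, "alice", INJECTED))
```

Only `login_dynamic` accepts the constructed input as a valid password; the other two treat it as an ordinary wrong password.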
2 Comments
good work in computer network and security
thanks