Computer Security

COMPUTER SECURITY Prepared By: Vaibhavi Patel


Why do we need Security?

Increased reliance on information technology, with or without the use of networks.

The use of IT has changed our lives drastically.

We depend on e-mail, Internet banking, and several other governmental activities that use IT.

Increased use of e-commerce and the World Wide Web on the Internet as a vast repository of various kinds of information (immigration databases, flight tickets, stock markets, etc.).

History

In 1983, Kevin Mitnick intruded into a Pentagon computer.

Robert Tappan Morris created the first worm and sent it from MIT to the web, causing $50,000 of damages.

In 1994, Vladimir Levin intruded into an American bank computer and stole 10 million dollars.

Jonathan James ("c0mrade"), 16 years old, infiltrated a NASA computer in 1999 and had access to data worth 1.7 million dollars.

Definition

A branch of computer technology that covers the protection of information and property from theft, corruption, or natural disaster, allowing the information and property to remain accessible and productive to its intended users.

It deals with the prevention and detection of unauthorised actions by users of a computer system.

Prevention: helps to stop unauthorised users (known as "intruders") from accessing any part of the computer.

Detection: helps to determine whether or not anyone attempted to break into your system, whether they were successful, and what they may have done.

Reaction: addresses future security needs.

Fundamentals of Security Goals

Integrity

Confidentiality

Availability

Confidentiality

Confidentiality is the avoidance of the unauthorized disclosure of information. Confidentiality involves the protection of data, providing access for those who are allowed to see it while disallowing others from learning anything about its content.

Tools for Confidentiality: 1. Encryption 2. Access Control 3. Authentication 4. Authorization

Integrity

Integrity: the property that information has not been altered in an unauthorized way.

Tools of Integrity: Backups, Checksums, Data-correcting codes
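Checksums as an integrity tool, shown as an added example that is not part of the original slides: an unkeyed SHA-256 digest reveals that a stored record was altered, while a keyed HMAC also stops an intruder from recomputing the tag after editing the record. The key and records are constructed for the demo.

```python
import hashlib
import hmac
from typing import Optional


def checksum(data: bytes) -> str:
    """Unkeyed checksum: detects accidental corruption, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def keyed_checksum(data: bytes, key: bytes) -> str:
    """Keyed checksum (HMAC): without the key an intruder cannot produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(data: bytes, expected: str, key: Optional[bytes] = None) -> bool:
    """Recompute the tag for `data` and compare it in constant time to `expected`."""
    actual = keyed_checksum(data, key) if key else checksum(data)
    return hmac.compare_digest(actual, expected)


def demo() -> dict:
    key = b"constructed-demo-key"            # constructed, not a real secret
    record = b"account=alice;balance=100"     # constructed stored record
    tampered = b"account=alice;balance=999"   # same record after an unauthorised edit

    plain_tag = checksum(record)
    keyed_tag = keyed_checksum(record, key)
    return {
        "plain_ok": verify(record, plain_tag),
        "plain_detects_change": not verify(tampered, plain_tag),
        # weakness: an intruder who edits the record can also replace the plain tag
        "plain_forgeable": verify(tampered, checksum(tampered)),
        "keyed_ok": verify(record, keyed_tag, key),
        "keyed_detects_change": not verify(tampered, keyed_tag, key),
    }
```

The plain checksum is only useful when the tag is stored somewhere the intruder cannot write; the keyed form removes that dependency.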

Availability

The property that information is accessible and modifiable in a timely fashion by those authorized to do so.

Tools of Availability

– Physical protections

– Computational redundancies

TYPES OF SECURITY ATTACKS

Some common attacks

Network Attacks: Packet sniffing, Man-in-the-middle, Denial of Service attack, Identity Spoofing, Password-based attacks, Session Hijacking.

Web Attacks: Phishing, SQL Injection, Cross-Site Scripting.

Software Attacks: Malware: Virus, Trojan, Worms, Rootkits, Backdoors.

Network Attacks

Packet Sniffing: Internet traffic consists of data "packets", and these can be "sniffed", meaning captured. This leads to other attacks such as password sniffing, cookie stealing and Session Hijacking.

Man in the Middle: Insert a router in the path between client and server, and change the packets as they pass through.


Denial of Service (DoS): A special kind of Internet attack aimed at large websites. Flood a computer or the entire network with traffic until a shutdown occurs because of the overload.

Block traffic, which results in a loss of access to network resources by authorized users.

A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users.

Yahoo! and eBay were both victims of such attacks in February 2000.

A DoS attack can be perpetrated in a number of ways. There are three basic types of attack: consumption of computational resources, such as bandwidth, disk space or CPU time; disruption of configuration information, such as routing information; disruption of physical network components.

The consequences of a DoS attack: unusually slow network performance; unavailability of a particular web site; inability to access any web site; a dramatic increase in the amount of spam you receive in your account.

Identity Spoofing (IP Address Spoofing): A hijacking technique in which a cracker masquerades as a trusted host to conceal his identity, spoof a website, hijack browsers or gain access to a network.

How it works : The hijacker obtains the IP address of a legitimate host and alters packet headers so that the legitimate host appears to be the source.

Password-based Attacks: An attack in which repetitive attempts are made to duplicate a valid logon or password sequence.

Techniques for cracking passwords: Cryptography, Guessing, Dictionary-based attack

After gaining access to your network with a valid account, an attacker can: obtain lists of valid user and computer names and network information; modify server and network configurations, including access controls and routing tables; modify, reroute, or delete your data.

Session Hijacking: An illicit method of stealing a Web user's session by obtaining data (i.e., the session ID) about an authorized user.

Session hijacking exploits the computer session between two machines.

When a TCP session is established, a cookie is used to verify whether the session is active or not. The attacker can steal these cookies by sniffing or by using the saved cookies on the victim's computer.

Types of Session Hijacking attacks: 1. Active: Man-in-the-middle 2. Passive: Sniffer tools 3. Hybrid: Combination

Methods: 1. Session fixation 2. Session side-jacking

Web Attacks

Phishing: It is the act of tricking someone into giving confidential information (like passwords and credit card information) on a fake web page or email form pretending to be from a legitimate company.

Some phishing e-mails also contain malicious or unwanted software that can track your activities or slow your computer.

Types of Phishing: 1. Deceptive Email 2. Malware-based 3. DNS-based 4. Search engine Phishing

SQL Injection: An attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed.

SQL injection refers to the technique of inserting SQL meta-characters and commands into Web-based input fields in order to manipulate the execution of the back-end SQL queries.

Two types: First-order and Second-order. Easy to inject; many websites are vulnerable to them.

Dot Defender: a web application firewall that inspects HTTP traffic.
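The "direct insertion of code into user-input variables that are concatenated with SQL commands" described above, as an added example that is not part of the original slides: a login check written with string concatenation next to the same check written with a parameterised query. It uses an in-memory SQLite database with one constructed user; the plaintext password column exists only to keep the demo short (real systems store password hashes).

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with one constructed user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """First-order injection point: the input is pasted into the SQL text, so
    quote and OR meta-characters in the input change the structure of the query."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_hardened(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Parameterised query: the driver binds the input as data, never as SQL,
    so the same meta-characters are just compared as a literal string."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] > 0


def demo() -> dict:
    conn = make_db()
    meta = "' OR '1'='1"   # textbook meta-character input; it is not a valid password
    return {
        "valid_login": login_hardened(conn, "alice", "correct-horse"),
        "vulnerable_bypassed": login_vulnerable(conn, "alice", meta),
        "hardened_rejects": not login_hardened(conn, "alice", meta),
    }
```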

Cross-site Scripting (XSS): Writing a complex JavaScript program that steals data left by other sites that you have visited in the same browsing session.

A malicious website might employ JavaScript to make changes to the local system, such as copying or deleting files.

A malicious website might employ JavaScript to monitor activity on the local system.

A malicious website might employ JavaScript to interact with other websites the user has open in other browser windows or tabs.

It's called "cross-site" because it involves interactions between two separate websites to achieve its goals.

Software Attacks

Malware: "Malicious Software" is intended to damage or disable computer systems. Malware can be classified into several categories, depending on propagation and concealment.

Propagation: Virus: human-assisted propagation; Worm: automatic propagation

Concealment: Rootkit: modifies the operating system to hide its existence; Trojan: provides desirable functionality but hides malicious operation

1. Virus

A computer program that can replicate itself and spread from one computer to another.

Types of Virus: 1. File Virus: Program file 2. Boot sector virus: Floppy and Hard drives 3. Macro Virus: Macro programming feature

2. Worms

Standalone malware: a computer program that replicates itself in order to spread to other computers.

Types of Worms: 1. Internet Worms 2. Email Worms 3. File-sharing Network Worms

3. Rootkits

A collection of tools that enable administrator-level access to a computer or computer network.

Four types: 1. Virtualized: Virtual environment 2. Kernel Level: Kernel of the OS 3. Library Level: Replace system calls 4. Application Level

4. Trojan

A malicious computer program that must be executed by the user.

Executable programs that perform some actions.

They have file extensions like "exe", "com", etc.

Information Security: The protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.

Necessary tools: policy, awareness, training, education, technology

The C.I.A. triangle has been the standard, based on confidentiality, integrity, and availability.

TYPES OF SECURITY

Components of I.S.

Network Security

It consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.

Firewalls

A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

A network firewall is similar to firewalls in building construction, because in both cases they are intended to isolate one "network" or "compartment "from another.

Firewall Policies

To protect private networks and individual machines from the dangers of the greater Internet, a firewall can be employed to filter incoming or outgoing traffic based on a predefined set of rules called firewall policies.
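A minimal packet filter that applies a firewall policy of the kind described above, added here as an example rather than taken from the slides: rules are evaluated in order, the first match decides, and anything no rule mentions is dropped. The policy, addresses and packets are constructed for the demo.

```python
from ipaddress import ip_address, ip_network
from typing import Iterable, NamedTuple, Optional


class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    direction: str        # "in" or "out"
    proto: str            # "tcp", "udp" or "any"
    src: str              # CIDR block or "any"
    dst: str              # CIDR block or "any"
    dport: Optional[int]  # destination port, None = any port


class Packet(NamedTuple):
    direction: str
    proto: str
    src: str
    dst: str
    dport: int


def _in_net(cidr: str, addr: str) -> bool:
    return cidr == "any" or ip_address(addr) in ip_network(cidr)


def _matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction == pkt.direction
            and rule.proto in ("any", pkt.proto)
            and _in_net(rule.src, pkt.src)
            and _in_net(rule.dst, pkt.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def decide(policy: Iterable[Rule], pkt: Packet) -> str:
    """Evaluate rules in order; the first match decides. A packet that matches
    nothing is dropped (default deny), so a forgotten rule fails closed."""
    for rule in policy:
        if _matches(rule, pkt):
            return rule.action
    return "deny"


# Constructed policy for a web server at 192.0.2.10: only the admin LAN may reach
# SSH (22), anyone may reach HTTPS (443), everything else inbound is dropped.
POLICY = [
    Rule("allow", "in", "tcp", "10.0.0.0/24", "192.0.2.10/32", 22),
    Rule("allow", "in", "tcp", "any", "192.0.2.10/32", 443),
    Rule("deny", "in", "any", "any", "any", None),
]
```

Rule order is part of the policy: reversing POLICY puts the catch-all deny first and silently shadows both allow rules.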

Virtual Private Networking (VPN)

Virtual private networking (VPN) is a technology that allows private networks to be safely extended over long physical distances by making use of a public network, such as the Internet, as a means of transport.

A VPN provides guarantees of data confidentiality, integrity, and authentication, despite the use of an untrusted network for transmission.

There are two primary types of VPNs: remote-access VPN and site-to-site VPN.

Intrusion Detection Systems

Intrusion: Actions aimed at compromising the security of the target (confidentiality, integrity, availability of computing/networking resources)

Intrusion detection: The identification, through intrusion signatures, and reporting of intrusion activities

Intrusion prevention: The process of both detecting intrusion activities and managing automatic responsive actions throughout the network
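Intrusion detection through a signature, as an added example that is not part of the original slides: it parses constructed SSH-style authentication log lines and reports a password-based attack of the kind described earlier (repeated logon attempts from one source inside a short window). The log format, hostnames and addresses are constructed; the threshold and window are assumed tuning values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Iterator, List, Tuple

# Constructed sample log, modelled on syslog auth lines (not a real capture).
LOG = """\
Mar  1 10:00:01 host sshd[100]: Failed password for root from 198.51.100.7 port 5001 ssh2
Mar  1 10:00:03 host sshd[100]: Failed password for root from 198.51.100.7 port 5002 ssh2
Mar  1 10:00:04 host sshd[100]: Failed password for admin from 198.51.100.7 port 5003 ssh2
Mar  1 10:00:06 host sshd[100]: Failed password for root from 198.51.100.7 port 5004 ssh2
Mar  1 10:00:07 host sshd[100]: Failed password for bob from 198.51.100.7 port 5005 ssh2
Mar  1 10:00:09 host sshd[100]: Failed password for alice from 203.0.113.5 port 6001 ssh2
Mar  1 10:00:20 host sshd[100]: Accepted password for alice from 203.0.113.5 port 6002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")


def parse(log: str) -> Iterator[Tuple[datetime, str, str, str]]:
    """Yield (timestamp, result, user, source) for every line the signature understands."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts_text = re.sub(r"\s+", " ", m["ts"])          # collapse "Mar  1"
            ts = datetime.strptime("2024 " + ts_text, "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["src"]


def detect_bruteforce(log: str, threshold: int = 5,
                      window: timedelta = timedelta(seconds=60)) -> List[str]:
    """Signature: at least `threshold` failed logons from one source within `window`.
    Returns the sorted list of source addresses to report."""
    recent = defaultdict(list)   # src -> timestamps of failures still inside the window
    alerts = set()
    for ts, result, _user, src in parse(log):
        if result != "Failed":
            continue
        recent[src] = [t for t in recent[src] if ts - t <= window] + [ts]
        if len(recent[src]) >= threshold:
            alerts.add(src)
    return sorted(alerts)
```

The single failure from 203.0.113.5 followed by a success is normal user behaviour and stays below the threshold; only the five rapid failures from 198.51.100.7 match the signature.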

Applications

Banks, Private and Public sector Industries, Business Transactions, Cloud Computing Security, Aviation, National Defence, Military


Thank You