
Introduction to computer security and security trends.

Definition of Computer Security

• Computer security: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications)


PRINCIPLES OF SECURITY

⛔Confidentiality

🔻- Data confidentiality:
Assures that confidential information is not disclosed to unauthorized individuals.

🔻- Privacy:
Assures that individuals control or influence what information related to them may be collected and stored.

⛔Integrity

🔻- Data integrity:
Assures that information and programs are changed only in a specified and authorized manner.

🔻- System integrity:
Assures that a system performs its operations in an unimpaired manner.

⛔Availability:
Assures that systems work promptly and service is not denied to authorized users.


✅1.4.1 Confidentiality

🔻The principle of confidentiality specifies that only the sender and the intended recipient(s) should be able to access the contents of a message.
🔻Confidentiality gets compromised if an unauthorized person is able to access a message.
🔻An example of compromising the confidentiality of a message is shown in Fig. 1.2.
🔻Here, the user of computer A sends a message to the user of computer B.
Another user C gets access to this message, which is not desired, and therefore defeats the purpose of confidentiality.
🔻An example of this could be a confidential email message sent by A to B, which is accessed by C without the permission or knowledge of A and B.
This type of attack is called interception.


✅1.4.2 Authentication

🔻Authentication mechanisms help establish proof of identities.
🔻The authentication process ensures that the origin of an electronic message or document is correctly identified.
🔻For instance, suppose that user C sends an electronic document over the Internet to user B. However, the trouble is that user C had posed as user A when she sent this document to user B.
🔻How would user B know that the message has come from user C, who is posing as user A?

⛔A real-life example of this could be the case of a user C
🔻posing as user A, sending a funds transfer request (from A's account to C's account) to bank B.
🔻The bank might happily transfer the funds from A's account to C's account; after all, it would think that user A has requested the funds transfer!
This concept is shown in Fig. 15.
This type of attack is called fabrication.
💥Note:- Fabrication is possible in the absence of proper authentication mechanisms.

✅1.4.3 Integrity

🔻When the contents of a message are changed after the sender sends it, but before it reaches the intended recipient, we say that the integrity of the message is lost. 
⛔For example, suppose you write a cheque for $100 to pay for the goods bought from the US. However, when you see your next account statement, you are startled to see that the cheque resulted in a payment of $1000! This is the case for loss of message integrity. 

🔻Conceptually, this is shown in Fig. 1.4. Here, user C tampers with a message originally sent by user A, which is actually destined for user B. User C somehow manages to access it, change its contents, and send the changed message to user B. 
🔻User B has no way of knowing that the contents of the message were changed after user A had sent it. User A also does not know about this change.
This type of attack is called modification.

💥Note:- Modification causes loss of message integrity.

✅1.4.4 Non-repudiation

🔻There are situations where a user sends a message, and later on denies that she had sent that message.
⛔For instance, user A could send a funds transfer request to bank B over the Internet. After the bank performs the funds transfer as per A's instructions, A could claim that she never sent the funds transfer instruction to the bank! Thus,
🔻A repudiates, or denies, her funds transfer instruction. The principle of non-repudiation defeats such possibilities of denying something after having done it.
💥Note:-
Non-repudiation prevents the sender of a message from later denying that she sent it.
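The modification attack of 1.4.3 and the repudiation problem of 1.4.4 can both be illustrated with one small added example (it is not part of the original notes). A and the bank B share a secret key and A attaches an HMAC tag to the payment instruction; when C changes the amount in transit, B's verification fails. The same code also shows why a shared-key tag is not enough for non-repudiation: B holds the key too, so B could have produced a valid tag itself. The message format, the key handling and the function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed example: a cheque-like payment instruction as A would send it
# to bank B. The key is assumed to be shared only between A and B.
SHARED_KEY = secrets.token_bytes(32)


def tag_message(key: bytes, message: bytes) -> bytes:
    """A computes an HMAC-SHA256 tag over the message and sends (message, tag)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_message(key: bytes, message: bytes, tag: bytes) -> bool:
    """B recomputes the tag over what it received and compares in constant time.

    Any change to the message (an amount, an account number, a single bit)
    changes the recomputed tag, so the comparison fails.
    """
    return hmac.compare_digest(tag_message(key, message), tag)


def demo(key: bytes = SHARED_KEY) -> dict:
    """Replays the scenario from the text and returns B's decisions."""
    original = b"PAY 100 USD TO merchant FROM account-A"
    tag = tag_message(key, original)

    # C intercepts the message in transit and changes the amount (modification).
    tampered = original.replace(b"100", b"1000")

    # Limitation that matters for non-repudiation: B holds the same key, so B
    # (or anyone else who has it) can produce a valid tag for any message.
    # A valid tag therefore proves integrity to B, but does not prove to a
    # third party that A, and only A, sent the message.
    forged = b"PAY 5000 USD TO merchant FROM account-A"
    forged_tag = tag_message(key, forged)

    return {
        "original_accepted": verify_message(key, original, tag),
        "tampered_accepted": verify_message(key, tampered, tag),
        "key_holder_can_forge": verify_message(key, forged, forged_tag),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

The tampered cheque is rejected, which is the integrity property; the forged instruction is accepted, which is why non-repudiation needs a mechanism only the sender can perform (a digital signature with a private key) rather than a secret the receiver also knows.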

✅1.4.5 Access Control

🔻The principle of access control determines who should be able to access what.
🔻For instance, we should be able to specify that user A can view the records in a database, but cannot update them. However, user B might be allowed to make updates as well.
🔻An access control mechanism can be set up to ensure this.
🔻Access control is broadly related to two areas: role management and rule management.
🔻Role management concentrates on the user side (which user can do what), whereas rule management focuses on the resource side (which resource is accessible, and under what circumstances).
🔻Based on the decisions taken here, an access control matrix is prepared, which lists the users against the items they can access (e.g. it can say that user A can write to file X, but can only update files Y and Z). An Access Control List (ACL) is a subset of an access control matrix.

💥Note:- Access control specifies and controls who can access what.
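As an added example (not from the original notes), the access control matrix described above can be built as a small table and the two views the text mentions derived from it: a column of the matrix is an object's ACL (the rule side), a row is one user's capabilities (the role side). A default-deny check mediates every request and records denials, which is what a practitioner would want to audit. The object names, the monitor class and the audit line format are assumptions of this example; the rights themselves follow the statements in the text.

```python
from typing import Dict, List, Set

Matrix = Dict[str, Dict[str, Set[str]]]

# Constructed access control matrix: rows are users, columns are objects,
# each cell is the set of permitted operations. It encodes the text's
# statements: A may read the database records but not update them; B may
# update them too; A may write file X but only update files Y and Z.
ACCESS_MATRIX: Matrix = {
    "A": {
        "db_records": {"read"},
        "file_X": {"read", "write"},
        "file_Y": {"update"},
        "file_Z": {"update"},
    },
    "B": {
        "db_records": {"read", "update"},
    },
}


def acl_for(obj: str, matrix: Matrix = ACCESS_MATRIX) -> Dict[str, Set[str]]:
    """One column of the matrix: the ACL of an object (which users may do what to it)."""
    return {user: set(rights[obj]) for user, rights in matrix.items() if obj in rights}


def capabilities_for(user: str, matrix: Matrix = ACCESS_MATRIX) -> Dict[str, Set[str]]:
    """One row of the matrix: everything a single user may do (the role view)."""
    return {obj: set(ops) for obj, ops in matrix.get(user, {}).items()}


def is_allowed(user: str, operation: str, obj: str, matrix: Matrix = ACCESS_MATRIX) -> bool:
    """Default deny: a request passes only if the matrix lists that exact right.

    Unknown users, unknown objects and unlisted operations all fall through
    to an empty set and are refused.
    """
    return operation in matrix.get(user, {}).get(obj, set())


class AccessMonitor:
    """Mediates every request against the matrix and keeps an audit trail of denials."""

    def __init__(self, matrix: Matrix = ACCESS_MATRIX) -> None:
        self.matrix = matrix
        self.denied: List[str] = []

    def request(self, user: str, operation: str, obj: str) -> bool:
        allowed = is_allowed(user, operation, obj, self.matrix)
        if not allowed:
            # Constructed audit line format; a real system would log to its audit sink.
            self.denied.append(f"DENY user={user} op={operation} obj={obj}")
        return allowed


if __name__ == "__main__":
    monitor = AccessMonitor()
    print("A reads db_records:", monitor.request("A", "read", "db_records"))
    print("A updates db_records:", monitor.request("A", "update", "db_records"))
    print("B updates db_records:", monitor.request("B", "update", "db_records"))
    print("ACL of db_records:", acl_for("db_records"))
    print("Denied so far:", monitor.denied)
```

The split between `acl_for` and `capabilities_for` is the point of the text's "ACL is a subset of the matrix" remark: an ACL stores only the column for one object, so enumerating everything a given user can do means scanning every ACL, whereas the matrix (or a capability list) answers that directly.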

✅1.4.6 Availability

🔻The principle of availability states that resources (i.e. information) should be available to authorized parties at all times.
⛔For example, due to the intentional actions of another, unauthorized user C, an authorized user A may not be able to contact a server computer B, as shown in Fig. 15.
🔻This would defeat the principle of availability. Such an attack is called interruption.


✅Challenges

🔻1. Computer security is not simple
🔻2. One must consider potential (unexpected) attacks
🔻3. Procedures used are often counter-intuitive
🔻4. Must decide where to deploy mechanisms
🔻5. Involves algorithms and secret info (keys)
🔻6. A battle of wits between attacker and admin
🔻7. Its benefit is not perceived until it fails
🔻8. Requires constant monitoring


✅Adversary (threat agent)

An entity that attacks or is a threat to a system

✅Attack

An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.

✅Countermeasure

An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.


✅Risk

An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result

✅Security Policy

A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.

✅System Resource (Asset)

Data contained in an information system; or a service provided by a system; or a system capability, such as processing power or communication bandwidth; or an item of system equipment (i.e. a system component: hardware, firmware, software, or documentation); or a facility that houses system operations and equipment.

✅Threat

A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.



✅Vulnerability

A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.

✅Examples of threats
✅Virus

A self-replicating program that attaches itself to an existing program and infects a system without the permission or knowledge of the user.

A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code. 

When this replication succeeds, the affected areas are then said to be "infected" with a computer virus.

Computer viruses cause billions of dollars' worth of economic damage each year.



✅Phases/ Life Cycle of Computer Virus

✅Dormant phase:

• The virus program is idle during this stage.

• The virus program has managed to access the target user's computer or software.

• The virus will eventually be activated by the "trigger".

• Not all viruses have this stage.


✅Propagation phase:

• The virus starts propagating by multiplying and replicating itself.

• The virus places a copy of itself into other programs or into certain system areas on the disk.

• The copy may not be identical to the propagating version.

• Viruses often "morph" or change to evade detection by anti-virus software.

✅Triggering phase:

A dormant virus moves into this phase when it is activated, and will now perform the function for which it was intended.

The triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself.

The trigger may occur when an employee is terminated from their employment or after a set period of time has elapsed, in order to reduce suspicion.

✅Execution phase:

This is the actual work of the virus, where the "payload" will be released.

It can be destructive such as

• Deleting files on disk

• Crashing the system

• Corrupting files

• Popping up humorous or political messages on screen



✅Computer Worm

• A self-replicating computer program, similar to a computer virus

• Unlike a virus, it is self-contained and does not need to be part of another program to propagate itself

• Often designed to exploit computers' file transmission capabilities

✅Worm

A program or algorithm that replicates itself over a computer network or through e-mail and sometimes performs malicious actions such as using up the computer and network resources and possibly destroying data.

• Examples: Klez, Nimda, Code Red

✅Logic Bomb

• Does not replicate

• Essentially a delayed-action computer virus or Trojan horse

✅Definition

Man-in-the-Middle (MitM) attacks happen when traffic between two parties is observed or manipulated by an unknown third party.

A MitM attack is a cybercrime method used to steal personal information or login credentials. Cyber criminals also use MitM attacks as a means to spy on, corrupt information, or disrupt communications between two parties.

✅Methods

Man-in-the-Middle attacks can happen in a number of ways:

• Spoofing (IP, DNS, HTTPS)

• Hijacking (Secure Sockets Layer, Email)

• Wi-Fi Eavesdropping

• Theft of Browsing Cookies


✅SSL Hijacking

SSL stands for Secure Sockets Layer, a protocol developed in order to communicate over the internet securely. Sometimes when a device visits an unsecure website (http), it is automatically redirected to the secure version (https).

In SSL hijacking, an attacker uses a computer and a secure server to reroute a user's information just before the connection to the legitimate server is made.

✅Email Hijacking

Email hijacking occurs when attackers target financial organizations for email information.

After obtaining access to email accounts, attackers can monitor all financial transactions.

Attackers then follow up by spoofing the financial institution's email and possibly providing users with instructions that would result in the attacker receiving funds.

✅Wi-Fi Eavesdropping

• Fraudulent Wi-Fi connections can be configured to appear with a valid name, such as the Wi-Fi of a favourite coffee shop.

• If a user connects to the fraudulent Wi-Fi connection, the user's online activities can be observed and personal information like banking cards can be obtained.

✅Denial of service attack
