
























chapter one computer security chapter one use it

























A computer security threat is a potential violation of security; it is
any person, act, or object that poses a danger to computer
security/privacy
The violation need not actually occur for there to be a threat
The fact that the violation might occur means that those actions
that could cause it to occur must be guarded against (or
prepared for)
Those actions are called attacks
Those who execute such actions, or cause them to be
executed, are called attackers
The computer world is full of threats: viruses, worms, crackers,
etc.
And so is the real world: thieves, pick-pockets, burglars,
murderers, drunk drivers, …
Note: the terms threat and attack are commonly used to mean
more or less the same thing
Viruses
A computer program that is designed to replicate itself by copying itself into
the other programs stored in a computer.
Most viruses require end-user initiation, and can activate at a specific time or
date
Similar to a biological virus: replicates and spreads on its own
Damage varies depending on what the writer intends
Nonvirus Virus or a Hoax
Another new type of virus
Rather than actually writing a virus, a perpetrator sends an e-mail to every
address he has. The e-mail claims to be from some well-known antivirus
center and warns of a new virus that is circulating. The e-mail instructs
people to delete some file from their computer to get rid of the virus.
The file, however, is not really a virus but part of a computer’s system
Some people could even e-mail their friends and colleagues to warn them
to delete such a file from their machines
Spyware is software that enables a criminal to
obtain information about a user’s computer activities.
Spyware often includes activity trackers, keystroke
collection, and data capture.
In an attempt to overcome security measures, spyware often modifies
security settings.
Adware typically displays annoying pop-ups to generate revenue for its
authors.
The malware may analyze user interests by tracking the websites
visited.
It can then send pop-up advertising pertinent to those sites.
System access is the ability for an unauthorized intruder to gain
access to a device for which the intruder does not have an account or
a password.
Entering or accessing systems to which one does not have authority
to access usually involves running a script or tool that exploits a
known vulnerability of the system or application being attacked
An unauthorized user gaining physical access to a computer (or part
thereof) can perform many functions and install different types of devices
to compromise security, including operating system modifications,
software worms, key loggers, and covert listening devices
In most cases, direct-access attacks are the only type of threat to
standalone computers (those that never connect to the internet)
Denial-of-Service (DoS) Attacks
Denial of service implies that an attacker disables or corrupts
networks, systems, or services with the intent to deny services to
intended users.
DoS attacks involve either crashing the system or slowing it down to
the point that it is unusable.
But DoS can also be as simple as deleting or corrupting information.
In most cases, performing the attack simply involves running a script.
The attacker does not need prior access to the target because a way
to access it is all that is usually required.
For these reasons, DoS attacks are the most feared.
In a computer program, variables are allocated with fixed-size
blocks of memory.
After this memory is allocated, the program can store and
retrieve data from these locations.
Buffer overflows occur when the amount of data written to
one of these blocks of memory exceeds its size.
As a result, memory allocated for other purposes is
overwritten, which can have various effects on the program
Incomplete mediation: Inputs to programs are often specified by
untrusted users.
Web-based applications are a common example
“Untrusted” to do what?
Users sometimes mistype data in web forms
o Phone number: 51998884567
o Email: iang#cs.uwaterloo.ca
The web application needs to ensure that what the user has entered
constitutes a meaningful request; this is called mediation
Incomplete mediation occurs when the application accepts incorrect
data from the user
Sometimes this is hard to avoid
o Phone number: 519-886-
o This is a reasonable entry, that happens to be wrong
We focus on catching entries that are clearly wrong:
Not well formed
o DOB: 1980-04-
Unreasonable values
o DOB: 1876-10-
Inconsistent with other entries
Why do we care?
What’s the security issue here?
What happens if someone fills in:
DOB: 98764874236492483649247836489236492
o Buffer overflow?
DOB: '; DROP DATABASE clients;
o SQL injection?
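A server-side check for the DOB field covering the three classes of clearly wrong entries listed above, as an added example that is not part of the original slides. The function name, the 120-year limit and the account-opened comparison are assumptions chosen for illustration; the sample inputs are constructed, apart from the strings quoted above.

```python
import re
from datetime import date

MAX_LEN = 10                 # "YYYY-MM-DD" is exactly 10 characters
DOB_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")
OLDEST_YEARS = 120           # assumed policy limit, not from the slides

def check_dob(raw, today, account_opened=None):
    """Return (ok, reason). Checks run cheapest first and fail closed."""
    # Length cap first, so oversized input never reaches a parser or a buffer.
    if not isinstance(raw, str) or len(raw) > MAX_LEN:
        return False, "not well formed: too long"
    # Allow-list on shape; fullmatch means trailing text cannot ride along.
    if not DOB_RE.fullmatch(raw):
        return False, "not well formed: expected YYYY-MM-DD"
    try:
        dob = date.fromisoformat(raw)      # rejects dates such as 1980-02-30
    except ValueError:
        return False, "not well formed: no such calendar date"
    if dob > today:
        return False, "unreasonable: in the future"
    if today.year - dob.year > OLDEST_YEARS:
        return False, "unreasonable: too long ago"
    # Hypothetical second field: when the customer's account was opened.
    if account_opened is not None and dob >= account_opened:
        return False, "inconsistent: born after the account was opened"
    return True, "ok"

# Sample inputs: two strings quoted on the slides plus constructed values.
SAMPLES = [
    "1980-04-12",
    "1980-04-",
    "1980-02-30",
    "1850-01-01",
    "98764874236492483649247836489236492",
    "'; DROP DATABASE clients;",
]

def run_samples(today=date(2024, 1, 1)):
    return [(s, check_dob(s, today)) for s in SAMPLES]

if __name__ == "__main__":
    for sample, result in run_samples():
        print(repr(sample), result)
```

Validation of this kind narrows what reaches the database, but the stored value should still be passed to SQL as a bound parameter rather than concatenated into the query text.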
Example
At a bookstore website, the user orders a copy of the course text.
The server replies with a form asking for the address to ship to. This form has
hidden fields storing the user’s order:
<input type="hidden" name="isbn" value="0-13-239077-9">
<input type="hidden" name="quantity" value="1">
<input type="hidden" name="unitprice" value="111.00">
What happens if the user changes the “unitprice” value to “50.00” before submitting the
form?
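How a server can handle the submitted order so that an edited hidden field has no effect, as an added example that is not part of the original slides. The catalogue, the function name and the quantity limit are assumptions; the ISBN and prices are the ones in the form above.

```python
from decimal import Decimal

# Constructed catalogue: the server's own record of prices, keyed by ISBN.
CATALOGUE = {"0-13-239077-9": Decimal("111.00")}
MAX_QTY = 20   # assumed per-order limit

def price_order(form):
    """Price a submitted form (dict of str -> str).

    Returns (total, warnings); raises ValueError if the order is rejected.
    """
    isbn = form.get("isbn", "")
    if isbn not in CATALOGUE:
        raise ValueError("unknown isbn")

    # Quantity is client data too: bound its length, shape and range.
    qty_raw = form.get("quantity", "")
    if not (len(qty_raw) <= 3 and qty_raw.isascii() and qty_raw.isdigit()):
        raise ValueError("quantity is not a small whole number")
    qty = int(qty_raw)
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("quantity out of range")

    # The price always comes from the server's catalogue. The hidden
    # "unitprice" field is read only to notice that it was changed.
    unit = CATALOGUE[isbn]
    warnings = []
    claimed = form.get("unitprice")
    if claimed is not None and claimed != str(unit):
        warnings.append(
            f"unitprice mismatch: client sent {claimed!r}, catalogue has {unit}"
        )
    return unit * qty, warnings

if __name__ == "__main__":
    tampered = {"isbn": "0-13-239077-9", "quantity": "1", "unitprice": "50.00"}
    total, notes = price_order(tampered)
    print(total, notes)
```

The mismatch warning is useful as a log signal, since a browser that submits the form unmodified never produces it.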
Defenses against incomplete mediation