computer security chapter one use it, Cheat Sheet of Computer Security

Typology: Cheat Sheet

2022/2023

Uploaded on 12/02/2023

shifara-tesfaye


Chapter 2 - Computer Security Threats

A computer security threat is a potential violation of security; it is any person, act, or object that poses a danger to computer security or privacy.

The violation need not actually occur for there to be a threat. The fact that the violation might occur means that the actions that could cause it to occur must be guarded against (or prepared for).

Those actions are called attacks. Those who execute such actions, or cause them to be executed, are called attackers.

The computer world is full of threats: viruses, worms, crackers, etc. And so is the real world: thieves, pick-pockets, burglars, murderers, drunk drivers, …

Note: the terms threat and attack are commonly used to mean more or less the same thing.

Threats and Attacks

Viruses

A virus is a computer program designed to replicate itself by copying itself into the other programs stored on a computer.
Most viruses require end-user initiation, and can activate at a specific time or date.
It is similar to a biological virus: it replicates and spreads on its own.
The damage done varies with what the writer intends.

Nonvirus Virus or a Hoax

Another new type of virus. Rather than actually writing a virus, a perpetrator sends an e-mail to every address he has. The e-mail claims to be from some well-known antivirus center and warns of a new virus that is circulating. The e-mail instructs people to delete some file from their computer to get rid of the virus. The file, however, is not really a virus but part of the computer's system. Some people could even e-mail their friends and colleagues to warn them to delete such a file from their machines.

Worms

Worms are malicious code that replicates by independently exploiting vulnerabilities in networks. Worms usually slow down networks. Whereas a virus requires a host program to run, worms can run by themselves. Other than the initial infection, worms no longer require user participation.
A worm can do as much harm as a virus, and it often creates a denial of service.

Spyware

• Spyware is software that enables a criminal to obtain information about a user's computer activities. Spyware often includes activity trackers, keystroke collection, and data capture.
• In an attempt to overcome security measures, spyware often modifies security settings.

Adware

• Adware typically displays annoying pop-ups to generate revenue for its authors.
• The malware may analyze user interests by tracking the websites visited.
• It can then send pop-up advertising pertinent to those sites.

Class of Attacks

Direct-access attacks

System access is the ability of an unauthorized intruder to gain access to a device for which the intruder does not have an account or a password. Entering or accessing systems one has no authority to access usually involves running a script or tool that exploits a known vulnerability of the system or application being attacked.

An unauthorized user gaining physical access to a computer (or part thereof) can perform many functions and install different types of devices to compromise security, including operating system modifications, software worms, key loggers, and covert listening devices.

In most cases, direct-access attacks are the only type of threat to standalone computers (ones that never connect to the internet).

Class of Attacks

Denial-of-Service (DoS) Attacks

Denial of service means that an attacker disables or corrupts networks, systems, or services with the intent to deny service to the intended users. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable. But DoS can also be as simple as deleting or corrupting information.

In most cases, performing the attack simply involves running a script. The attacker does not need prior access to the target; a way to reach it is usually all that is required. For these reasons, DoS attacks are the most feared.

Class of Attacks

Man-in-the-middle - A criminal performs a man-in-the-middle (MitM) attack by intercepting communications between computers to steal information crossing the network. The criminal can also choose to manipulate messages and relay false information between hosts, since the hosts are unaware that a modification to the messages occurred. MitM allows the criminal to take control over a device without the user's knowledge.

Program flaws

Program flaws can have two kinds of security implications: they can cause integrity problems leading to harmful output or action, and they offer an opportunity for exploitation by a malicious actor.
  o A program flaw can be a fault affecting the correctness of the program's result; that is, a fault can lead to a failure.
  o Incorrect operation is an integrity failing.
  o Integrity is one of the three fundamental security properties of the C-I-A triad.
  o Integrity involves not only correctness but also accuracy, precision, and consistency.
A faulty program can also inappropriately modify previously correct data, sometimes by overwriting or deleting the original data.
  o Even though the flaw may not have been inserted maliciously, the outcomes of a flawed program can lead to serious harm.

Buffer Overflow

• In a computer program, variables are allocated fixed-size blocks of memory.
• After this memory is allocated, the program can store and retrieve data from these locations.
• Buffer overflows occur when the amount of data written to one of these blocks of memory exceeds its size.
• As a result, memory allocated for other purposes is overwritten, which can have various effects on the program.

A buffer overflow attack is a common cyberattack that deliberately exploits a buffer overflow vulnerability where user-controlled data is written to memory. By submitting more data than can fit in the allocated memory block, the attacker can overwrite data in other parts of memory.

Incomplete Mediation

• Incomplete mediation: inputs to programs are often specified by untrusted users.
• Web-based applications are a common example. "Untrusted" to do what?
• Users sometimes mistype data in web forms
  o Phone number: 51998884567
  o Email: iang#cs.uwaterloo.ca
• The web application needs to ensure that what the user has entered constitutes a meaningful request; this is called mediation.
• Incomplete mediation occurs when the application accepts incorrect data from the user.
• Sometimes this is hard to avoid
  o Phone number: 519-886-
  o This is a reasonable entry that happens to be wrong

Incomplete Mediation

• We focus on catching entries that are clearly wrong:
• Not well formed
  o DOB: 1980-04-
• Unreasonable values
  o DOB: 1876-10-
• Inconsistent with other entries

Why do we care?

• What's the security issue here?
• What happens if someone fills in:
• DOB: 98764874236492483649247836489236492
  o Buffer overflow?
• DOB: '; DROP DATABASE clients;
  o SQL injection?
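The three kinds of clearly-wrong entry above, checked in code. This is an added Python example, not from the original slides: the date-of-birth values are the slides' own (with day digits constructed where the slide truncates them), while the 1900 lower bound, the fixed "today" and the claimed-age field used for the consistency check are assumptions.

```python
import re
from datetime import date
from typing import Optional

DOB_RE = re.compile(r"([0-9]{4})-([0-9]{2})-([0-9]{2})")  # well-formed YYYY-MM-DD only
MIN_YEAR = 1900                # assumption: no customer born earlier than this
TODAY = date(2023, 2, 12)      # fixed "today" so results are repeatable

def check_dob(entry: str, age_claimed: Optional[int] = None, today: date = TODAY) -> str:
    """Mediate a date-of-birth form field.

    Returns "ok" or the category of problem the slides list: "not well formed",
    "unreasonable" or "inconsistent" (with a claimed age from another field).
    Anything that is not a well-formed date, including a huge digit string or a
    string carrying SQL syntax, is rejected before it reaches a query or any
    fixed-size storage.
    """
    m = DOB_RE.fullmatch(entry)
    if not m:
        return "not well formed"
    year, month, day = (int(g) for g in m.groups())
    try:
        dob = date(year, month, day)        # catches 2023-02-30 and the like
    except ValueError:
        return "not well formed"
    if dob.year < MIN_YEAR or dob > today:
        return "unreasonable"
    if age_claimed is not None:
        had_birthday = (today.month, today.day) >= (dob.month, dob.day)
        age = today.year - dob.year - (0 if had_birthday else 1)
        if age != age_claimed:
            return "inconsistent"
    return "ok"

# Constructed sample entries, modelled on the slides' examples.
SAMPLES = {
    "1980-04-12": "ok",
    "1980-04-": "not well formed",
    "1876-10-05": "unreasonable",
    "98764874236492483649247836489236492": "not well formed",
    "'; DROP DATABASE clients;": "not well formed",
}

if __name__ == "__main__":
    for entry, expected in SAMPLES.items():
        print(f"{entry!r:45} -> {check_dob(entry)} (expected {expected})")
```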

Client-side mediation

What if the user writes a script that interacts with the web server instead of using a web browser at all? Or connects to the server "manually"? (telnet server.com 80)
Note that the user can send arbitrary (unmediated) values to the server this way. The user can also modify any client-side state.

• Example

At a bookstore website, the user orders a copy of the course text. The server replies with a form asking for the address to ship to. This form has hidden fields storing the user's order:

<input type="hidden" name="isbn" value="0-13-239077-9">
<input type="hidden" name="quantity" value="1">
<input type="hidden" name="unitprice" value="111.00">

What happens if the user changes the "unitprice" value to "50.00" before submitting the form?

Defenses against incomplete mediation

Client-side mediation is an OK method to use in order to have a friendlier user interface, but it is useless for security purposes. You have to do server-side mediation, whether or not you also do client-side mediation.

For values entered by the user:
  o Always do very careful checks on the values of all fields.
  o These values can potentially contain completely arbitrary 8-bit data (including accented characters, control characters, etc.) and be of any length.

For state stored by the client:
  o Make sure the client has not modified the data in any way.
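Server-side mediation of the bookstore order from the earlier slide, as an added Python example that is not part of the original slides: the price is looked up by ISBN in a server-side catalog rather than taken from the hidden field, the quantity is re-checked on the server, and the state the server placed in the client's hidden fields carries an HMAC tag so any modification is detected. The catalog, the server key and the quantity bound are constructed assumptions; the ISBN and price are the ones in the slide's form.

```python
import hashlib
import hmac
import json
from decimal import Decimal

# Constructed server-side catalog; the ISBN and price are those in the slides'
# hidden fields. Assumption: the real store would read these from a database.
CATALOG = {"0-13-239077-9": Decimal("111.00")}
SERVER_KEY = b"constructed-demo-key-replace-in-production"  # assumption: server-only secret
MAX_QUANTITY = 100  # assumption: a sane per-order limit

def seal_state(fields: dict) -> str:
    """Tag the order state the server places in the client's hidden fields."""
    msg = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def state_intact(fields: dict, tag: str) -> bool:
    """True only if the returned state still matches the tag the server issued."""
    return hmac.compare_digest(seal_state(fields), tag)

def validate_quantity(raw) -> int:
    """Server-side check of a user-supplied quantity: a whole number in range."""
    try:
        qty = int(str(raw))
    except ValueError:
        raise ValueError("quantity is not a whole number")
    if not 1 <= qty <= MAX_QUANTITY:
        raise ValueError("unreasonable quantity")
    return qty

def price_order(form: dict, tag: str) -> Decimal:
    """Mediate the submitted order on the server. The unit price is never taken
    from the form; it is looked up by ISBN in the catalog, and hidden fields
    that no longer match the tag issued with them are rejected first."""
    state = {k: form.get(k) for k in ("isbn", "quantity", "unitprice")}
    if not state_intact(state, tag):
        raise ValueError("client-side state was modified")
    isbn = form.get("isbn")
    if isbn not in CATALOG:
        raise ValueError("unknown ISBN")
    qty = validate_quantity(form.get("quantity"))
    return CATALOG[isbn] * qty  # authoritative price; form["unitprice"] is ignored

def order_rejected(form: dict, tag: str) -> bool:
    """Does server-side mediation reject this submission?"""
    try:
        price_order(form, tag)
    except ValueError:
        return True
    return False
```

Without the tag, ignoring the client's unitprice on its own already defeats the "50.00" edit; the tag additionally lets the server tell a tampered submission from an honest one and log it.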