Cyber Security attacks and computer security, Lecture notes of Cybercrime, Cybersecurity and Data Privacy

Introduction to cyber security

Typology: Lecture notes

2018/2019

Uploaded on 08/04/2019

Ramyaarulraj
CYBER SECURITY

UNIT-1

Is there a security problem in computing? What does security mean? – Attacks – The meaning of computer security, computer criminals, methods of defense – Hardware and software security.

Is There a Security Problem in Computing?

- The risks involved in computing
- The goals of secure computing: confidentiality, integrity, availability
- The threats to security in computing: interception, interruption, modification, fabrication
- Controls available to address these threats: encryption, programming controls, operating systems, network controls, administrative controls, law, and ethics

1.1 What Does "Secure" Mean?

Protecting assets was difficult and not always effective in older days. Today, however, asset protection is easier, with many factors working against the potential criminal. The techniques of criminal investigation have become so effective that a person can be identified by genetic material (DNA), fingerprints, retinal patterns, voice, a composite sketch, ballistics evidence, or other hard-to-mask characteristics. The assets are stored in a safer form.

Protecting Valuables

Protecting Money vs. Protecting Information

| Characteristic | Bank protecting money | People protecting information |
| --- | --- | --- |
| Size and portability | Sites storing money are large, unwieldy, not at all portable. | Items storing valuable assets are very small and portable. |
| Ability to avoid physical contact | Difficult. When banks deal with physical currency, a criminal must physically demand the money and carry it away from the bank's premises. | Simple. When information is handled electronically, no physical contact is necessary. Money can be transferred through computers, mail, or telephone. |
| Value of assets | Very high. | Variable, from very high to very low depending upon the information. |

Protecting our valuables, whether they are expressed as information or in some other way, ranges from quite unsophisticated to very sophisticated. As software consumers, we find that the lack of protection is all the more dangerous when we are not even aware that we may be susceptible to software piracy or corruption. Throughout these notes, we look at examples of how computer security affects our lives directly and indirectly, and we examine techniques to prevent security breaches or at least to mitigate their effects. We address the security concerns of software practitioners as well as those professionals, managers, and users whose products, services, and well-being depend on the proper functioning of computer systems. By studying these notes, you can develop an understanding of the basic problems underlying computer security and the methods available to deal with them. To protect our assets, we have to do the following:

- examine the risks of security in computing
- consider available countermeasures or controls
- stimulate thought about uncovered vulnerabilities
- identify areas where more work is needed

In this chapter, we begin by examining what kinds of vulnerabilities computing systems are prone to. We then consider why these vulnerabilities are exploited: the different kinds of attacks that are possible. This chapter's third focus is on who is involved: the kinds of people who contribute to the security problem. Finally, we introduce how to prevent possible attacks on systems.

Characteristics of Computer Intrusion

Any part of a computing system can be the target of a crime. When we refer to a computing system [1], we mean a collection of hardware, software, storage media, data, and people that an organization uses to perform computing tasks. Sometimes we assume that parts of a computing system are not valuable to an outsider, but often we are mistaken. For instance, we tend to think that the most valuable property in a bank is the cash, gold, or silver in the vault. But in fact the customer information in the bank's computer may be far more valuable.

Stored on paper, recorded on a storage medium, resident in memory, or transmitted over telephone lines or satellite links, this information can be used in myriad ways to make money illicitly.

Figure 1-1. Threats, Controls, and Vulnerabilities.

However, we can see a small crack in the wall, a vulnerability that threatens the man's security. If the water rises to or beyond the level of the crack, it will exploit the vulnerability and harm the man.

There are many threats to a computer system, including human-initiated and computer-initiated ones. We have all experienced the results of inadvertent human errors, hardware design flaws, and software failures. But natural disasters are threats, too; they can bring a system down when the computer room is flooded or the data center collapses from an earthquake, for example.

A human who exploits a vulnerability perpetrates an attack on the system. An attack can also be launched by another system, as when one system sends an overwhelming set of messages to another, virtually shutting down the second system's ability to function.

We use a control as a protective measure. That is, a control is an action, device, procedure, or technique that removes or reduces a vulnerability.

A threat is blocked by control of a vulnerability.

We can view any threat as being one of four kinds:

- interception
- interruption
- modification
- fabrication

INTERCEPTION

An interception means that some unauthorized party has gained access to an asset. The outside party can be a person, a program, or a computing system. Examples: illicit copying of program or data files, or wiretapping to obtain data in a network. Although a loss may be discovered fairly quickly, a silent interceptor may leave no traces by which the interception can be readily detected.

INTERRUPTION

In an interruption, an asset of the system becomes lost, unavailable, or unusable. Examples: malicious destruction of a hardware device, erasure of a program or data file, or malfunction of an operating system file manager so that it cannot find a particular disk file.

MODIFICATION

If an unauthorized party not only accesses but tampers with an asset, the threat is a modification. Examples: someone might change the values in a database, alter a program so that it performs an additional computation, or modify data being transmitted electronically. It is even possible to modify hardware. Some cases of modification can be detected with simple measures, but other, more subtle, changes may be almost impossible to detect.

FABRICATION

Finally, an unauthorized party might create a fabrication of counterfeit objects on a computing system. The intruder may insert spurious transactions into a network communication system or add records to an existing database. Sometimes these additions can be detected as forgeries, but if skillfully done, they are virtually indistinguishable from the real thing.
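As an added illustration (not part of the original notes) of what a control can and cannot do against the four threat kinds, the Python example below uses a keyed hash (HMAC-SHA256) as an integrity check on a message: modification and fabrication are exposed because the tag no longer verifies, while an intercepted copy still verifies and so passes unnoticed. The shared key, the message text and the account numbers are constructed sample values; a real system would provision the key out of band.

```python
import hashlib
import hmac
import secrets

# Constructed sample: a secret shared by sender and receiver. It is generated
# in-process here only so the example runs stand-alone.
KEY = secrets.token_bytes(32)


def tag_message(key: bytes, message: bytes) -> bytes:
    """Return an HMAC-SHA256 tag over the message (the integrity control)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_message(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare it in constant time."""
    expected = tag_message(key, message)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Exercise the control against each threat kind; return {scenario: verified?}."""
    original = b"transfer 100.00 from acct 1234 to acct 5678"  # constructed
    tag = tag_message(KEY, original)
    results = {}

    # Genuine message and tag: verifies.
    results["genuine"] = verify_message(KEY, original, tag)

    # Modification: the amount is altered in transit while the tag is kept.
    modified = original.replace(b"100.00", b"900.00")
    results["modified"] = verify_message(KEY, modified, tag)

    # Fabrication: a new message is forged and tagged under a key that is not
    # the shared one (the forger does not hold KEY).
    forged = b"transfer 500.00 from acct 1234 to acct 9999"
    forged_tag = tag_message(secrets.token_bytes(32), forged)
    results["fabricated"] = verify_message(KEY, forged, forged_tag)

    # Interception: a copy of the genuine message and tag verifies just as the
    # original does. An integrity control neither prevents nor detects copying.
    results["intercepted_copy"] = verify_message(KEY, original, tag)
    return results


if __name__ == "__main__":
    for scenario, ok in demo().items():
        print(f"{scenario:17s} verified={ok}")
```

The intercepted copy verifying is exactly the point the notes make about a silent interceptor leaving no traces: an integrity control answers modification and fabrication, and interception has to be addressed by confidentiality controls such as encryption and by access control on the channel.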

Method, Opportunity, and Motive

A malicious attacker must have three things:

1. Method: the skills, knowledge, tools, and other things with which to be able to pull off the attack.
2. Opportunity: the time and access to accomplish the attack.
3. Motive: a reason to want to perform this attack against this system.

Finally, it is difficult to determine motive for an attack. Some places are what are called "attractive targets," meaning they are very appealing to attackers. Popular targets include law enforcement and defense department computers, perhaps because they are presumed to be well protected against attack. Other systems are attacked because they are easy. And other systems are attacked simply because they are there: random, unassuming victims. Protecting against attacks can be difficult. Anyone can be a victim of an attack perpetrated by an unhurried, knowledgeable attacker. In the remainder of this book we discuss the nature of attacks and how to protect against them.

1.3. The Meaning of Computer Security

The purpose of computer security is to devise ways to prevent the weaknesses from being exploited. To understand what preventive measures make the most sense, we consider what we mean when we say that a system is "secure."

Security Goals

We use the term "security" in many ways in our daily lives. A "security system" protects our house, warning the neighbors or the police if an unauthorized intruder tries to get in.

Can someone who is authorized disclose those data to other parties?

Integrity

In integrity, we may mean that the item is

- precise
- accurate
- unmodified
- modified only in acceptable ways
- modified only by authorized people
- modified only by authorized processes
- consistent
- internally consistent
- meaningful and usable

Integrity can also mean two or more of these properties. Welke and Mayfield recognize three particular aspects of integrity: authorized actions, separation and protection of resources, and error detection and correction.

Availability

Availability applies both to data and to services (that is, to information and to information processing), and it is similarly complex. As with the notion of confidentiality, different people expect availability to mean different things. For example, an object or service is thought to be available if

- It is present in a usable form.
- It has capacity enough to meet the service's needs.
- It is making clear progress, and, if in wait mode, it has a bounded waiting time.
- The service is completed in an acceptable period of time.

We can construct an overall description of availability by combining these goals. We say a data item, service, or system is available if

- There is a timely response to our request.
- Resources are allocated fairly so that some requesters are not favored over others.
- The service or system involved follows a philosophy of fault tolerance, whereby hardware or software faults lead to graceful cessation of service or to work-arounds rather than to crashes and abrupt loss of information.
- The service or system can be used easily and in the way it was intended to be used.
- Concurrency is controlled; that is, simultaneous access, deadlock management, and exclusive access are supported as required.
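The notes earlier describe one system shutting another down by sending it an overwhelming set of messages, and the availability goals above ask for fair allocation and bounded waiting time. The Python example below is added here and is not part of the original notes: it gives each requester its own token bucket, so a flooding client exhausts only its own share and is refused immediately rather than queued, while a well-behaved client keeps being served. The rate (5 requests per second with a burst of 5), the client names and the traffic pattern are constructed for the simulation; integer milli-tokens are used so the refill arithmetic is exact.

```python
class TokenBucket:
    """Token bucket kept in integer milli-tokens so refill arithmetic is exact.
    A rate of N tokens per second is the same as N milli-tokens per millisecond."""

    def __init__(self, rate_per_sec: int, capacity: int, now_ms: int):
        self.rate_mt_per_ms = rate_per_sec
        self.capacity_mt = capacity * 1000
        self.tokens_mt = self.capacity_mt   # start full: the allowed burst
        self.last_ms = now_ms

    def allow(self, now_ms: int) -> bool:
        """Refill for the elapsed time, then spend one token if one is available."""
        elapsed = now_ms - self.last_ms
        self.last_ms = now_ms
        self.tokens_mt = min(self.capacity_mt,
                             self.tokens_mt + elapsed * self.rate_mt_per_ms)
        if self.tokens_mt >= 1000:
            self.tokens_mt -= 1000
            return True
        return False


class FairServer:
    """Admits at most rate_per_sec requests per second from each client (after an
    initial burst). Excess requests are refused at once instead of being queued,
    so waiting time stays bounded and one client's flood cannot consume another
    client's share of the service."""

    def __init__(self, rate_per_sec: int = 5, burst: int = 5):
        self.rate_per_sec = rate_per_sec
        self.burst = burst
        self.buckets = {}   # one bucket per requester

    def handle(self, client: str, now_ms: int) -> bool:
        bucket = self.buckets.get(client)
        if bucket is None:
            bucket = TokenBucket(self.rate_per_sec, self.burst, now_ms)
            self.buckets[client] = bucket
        return bucket.allow(now_ms)


def simulate(events):
    """events: iterable of (time_ms, client). Returns {client: (served, refused)}."""
    server = FairServer()
    stats = {}
    for now_ms, client in sorted(events):
        served, refused = stats.get(client, (0, 0))
        if server.handle(client, now_ms):
            stats[client] = (served + 1, refused)
        else:
            stats[client] = (served, refused + 1)
    return stats


def flood_scenario():
    """Constructed traffic over one second: 'flooder' sends a request every
    millisecond (1000 in all) while 'normal' sends one every 250 ms."""
    events = [(ms, "flooder") for ms in range(1000)]
    events += [(250 * k, "normal") for k in range(4)]
    return simulate(events)


if __name__ == "__main__":
    for client, (served, refused) in flood_scenario().items():
        print(f"{client}: served={served} refused={refused}")
```

With these settings the flooder gets its burst of 5 plus one request every 200 ms (9 served, 991 refused) and the normal client has all 4 requests served. Per-client limiting is only one piece of an availability design; the notes' fault-tolerance and concurrency goals need their own controls.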

Vulnerabilities

It is sometimes easier to consider vulnerabilities as they apply to all three broad categories of system resources (hardware, software, and data), rather than to start with the security goals themselves. The types of vulnerabilities apply to the assets of hardware, software, and data. These three assets and the connections among them are all potential security weak points.

Hardware Vulnerabilities

Hardware is more visible than software, largely because it is composed of physical objects. Because we can see what devices are hooked to the system, it is rather simple to attack by adding devices, changing them, removing them, intercepting the traffic to them, or flooding them with traffic until they can no longer function. However, designers can usually put safeguards in place.

A more serious attack, "voluntary machine slaughter" or "machinicide," usually involves someone who actually wishes to harm the computer hardware or software. Machines have been shot with guns, stabbed with knives, and smashed with all kinds of things. Bombs, fires, and collisions have destroyed computer rooms. Ordinary keys, pens, and screwdrivers have been used to short-out circuit boards and other components. Devices and whole systems have been carried off by thieves. The list of the kinds of human attacks perpetrated on computers is almost endless.

Laptop computers are especially vulnerable because they are designed to be easy to carry. Safeware Insurance reported 600,000 laptops stolen in 2003. Credent Technologies reported that 29 percent were stolen from the office, 25 percent from a car, and 14 percent in an airport. Stolen laptops are almost never recovered: The FBI reports 97 percent were not returned [SAI05].

Software Vulnerabilities

Computing equipment is of little use without the software (operating system, controllers, utility programs, and application programs) that users expect. Software can be replaced, changed, or destroyed maliciously, or it can be modified, deleted, or misplaced accidentally. Whether intentional or not, these attacks exploit the software's vulnerabilities.

A classic example of exploiting software vulnerability is the case in which a bank worker realized that software truncates the fractional interest on each account. In other words, if the monthly interest on an account is calculated to be $14.5467, the software credits only $14.54 and ignores the $.0067. The worker amended the software so that the throw-away interest (the $.0067) was placed into his own account. Since the accounting practices ensured only that all accounts balanced, he built up a large amount of money from the thousands of account throw-aways without detection. It was only when he bragged to a colleague of his cleverness that the scheme was discovered.

Software Deletion

Software is surprisingly easy to delete. Each of us has, at some point in our careers, accidentally erased a file or saved a bad copy of a program, destroying a good previous copy. Because of software's high value to a commercial computing center, access to software is usually carefully controlled through a process called configuration management so that software cannot be deleted, destroyed, or replaced accidentally. Configuration management

Data Confidentiality

Data can be gathered by many means, such as tapping wires, planting bugs in output devices, sifting through trash receptacles, monitoring electromagnetic radiation, bribing key employees, inferring one data point from other values, or simply requesting the data. Because data are often available in a form people can read, the confidentiality of data is a major concern in computer security.

Data Integrity

Stealing, buying, finding, or hearing data requires no computer sophistication, whereas modifying or fabricating new data requires some understanding of the technology by which the data are transmitted or stored, as well as the format in which the data are maintained. For instance, we saw in our truncated interest example that a criminal can perform what is known as a salami attack: the crook shaves a little from many accounts and puts these shavings together to form a valuable result, like the meat scraps joined in a salami.
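The truncated-interest case under Software Vulnerabilities is the salami attack named here. The Python example below is added to these notes (it is not from the original text) and reproduces the scheme on a constructed ledger of 200 accounts with a made-up monthly rate, then contrasts the bank's weak check, that the totals balance, with a per-account audit that recomputes each entitlement independently. The account names, the diversion account and the rate are constructed values; `decimal` is used so the cents are exact.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")
RATE = Decimal("0.0123")          # constructed monthly interest rate (1.23%)
DIVERSION_ACCOUNT = "X-9999"      # hypothetical account the insider controls

# Constructed ledger: 200 accounts with varied balances (dollars) so that the
# dropped fractions of a cent add up to something worth collecting.
BALANCES = {
    f"A-{i:04d}": Decimal(1000 + 37 * i) + Decimal(i % 100) / 100
    for i in range(200)
}


def exact_interest(balance: Decimal) -> Decimal:
    return balance * RATE


def truncate_cents(amount: Decimal) -> Decimal:
    """Credit whole cents only; the fraction is silently dropped (the flaw)."""
    return amount.quantize(CENT, rounding=ROUND_DOWN)


def round_cents(amount: Decimal) -> Decimal:
    """Banker's rounding to the cent: what a correct system would credit."""
    return amount.quantize(CENT, rounding=ROUND_HALF_EVEN)


def post_interest(balances, divert_to=None):
    """Credit truncated interest to each account. If divert_to is given, the
    dropped fractions are gathered and credited there: the salami scheme."""
    credited = {}
    shavings = Decimal("0")
    for acct, bal in balances.items():
        exact = exact_interest(bal)
        paid = truncate_cents(exact)
        credited[acct] = paid
        shavings += exact - paid
    if divert_to is not None:
        credited[divert_to] = truncate_cents(shavings)
    return credited


def totals_balance(balances, credited) -> bool:
    """The weak control the bank relied on: total interest owed (to the cent)
    equals total interest credited. It cannot see where individual cents went."""
    owed = truncate_cents(sum((exact_interest(b) for b in balances.values()),
                              Decimal("0")))
    paid = sum(credited.values(), Decimal("0"))
    return owed == paid


def audit_per_account(balances, credited):
    """Detection control: recompute each account's entitlement independently and
    report any credit with no balance behind it or off by more than a cent.
    Returns {account: reason}."""
    findings = {}
    for acct, paid in credited.items():
        if acct not in balances:
            findings[acct] = f"credited {paid} with no balance on the ledger"
            continue
        expected = round_cents(exact_interest(balances[acct]))
        if abs(paid - expected) > CENT:
            findings[acct] = f"credited {paid}, expected {expected}"
    return findings


if __name__ == "__main__":
    run = post_interest(BALANCES, divert_to=DIVERSION_ACCOUNT)
    print("diverted this month:", run[DIVERSION_ACCOUNT])
    print("totals balance?    ", totals_balance(BALANCES, run))
    print("per-account audit: ", audit_per_account(BALANCES, run))
```

Diverting the shavings makes the credited total agree exactly with the interest owed, which is why "all accounts balanced" never raised an alarm; the per-account audit flags the diversion account because nothing on the ledger entitles it to any credit. The same audit is silent on the honest (non-diverting) truncating run, since truncation and proper rounding differ by at most one cent per account.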

Networks

Networks are specialized collections of hardware, software, and data. Each network node is itself a computing system; as such, it experiences all the normal security problems. In addition, a network must confront communication problems that involve the interaction of system components and outside resources. The problems may be introduced by a very exposed storage medium or access from distant and potentially untrustworthy computing systems.

Access

Access to computing equipment leads to three types of vulnerabilities. In the first, an intruder may steal computer time to do general-purpose computing that does not attack the integrity of the system itself. This theft of computer services is analogous to the stealing of electricity, gas, or water.

1.4. Computer Criminals

For the purposes of studying computer security, we say computer crime is any crime involving a computer or aided by the use of one. Although this definition is admittedly broad, it allows us to consider ways to protect ourselves, our businesses, and our communities against those who use computers maliciously.

Amateurs

Amateurs have committed most of the computer crimes reported to date. Most embezzlers are not career criminals but rather are normal people who observe a weakness in a security system that allows them to access cash or other valuables. In the same sense, most computer criminals are ordinary computer professionals or users who, while doing their jobs, discover they have access to something valuable.

Crackers or Malicious Hackers

System crackers [2], often high school or university students, attempt to access computing facilities for which they have not been authorized. Cracking a computer's defenses is seen as the ultimate victimless crime. The perception is that nobody is hurt or even endangered by a little stolen machine time. Crackers enjoy the simple challenge of trying to log in, just to see whether it can be done. Most crackers can do their harm without confronting anybody, not even making a sound. In the absence of explicit warnings not to trespass in a system, crackers infer that access is permitted.

Career Criminals

By contrast, the career computer criminal understands the targets of computer crime. Criminals seldom change fields from arson, murder, or auto theft to computing; more often, criminals begin as computer professionals who engage in computer crime, finding the prospects and payoff good. There is some evidence that organized crime and international groups are engaging in computer crime. Recently, electronic spies and information brokers have begun to recognize that trading in companies' or individuals' secrets can be lucrative.

Terrorists

The link between computers and terrorism is quite evident. We see terrorists using computers in three ways:

- targets of attack: denial-of-service attacks and web site defacements are popular for any political organization because they attract attention to the cause and bring undesired negative attention to the target of the attack.
- propaganda vehicles: web sites, web logs, and e-mail lists are effective, fast, and inexpensive ways to get a message to many people.
- methods of attack: to launch offensive attacks requires use of computers.

We cannot accurately measure the amount of computer-based terrorism because our definitions and measurement tools are rather weak. Still, there is evidence that all three of these activities are increasing.

1.5. Methods of Defense

Harm occurs when a threat is realized against a vulnerability. To protect against harm, then, we can neutralize the threat, close the vulnerability, or both. The possibility for harm to occur is called risk. We can deal with harm in several ways. We can seek to

- prevent it, by blocking the attack or closing the vulnerability
- deter it, by making the attack harder but not impossible

- independent control programs: application programs, such as password checkers, intrusion detection utilities, or virus scanners, that protect against certain types of vulnerabilities
- development controls: quality standards under which a program is designed, coded, tested, and maintained to prevent software faults from becoming exploitable vulnerabilities

Hardware Controls

Numerous hardware devices have been created to assist in providing computer security. These devices include a variety of means, such as

- hardware or smart card implementations of encryption
- locks or cables limiting access or deterring theft
- devices to verify users' identities
- firewalls
- intrusion detection systems
- circuit boards that control access to storage media

Policies and Procedures

Sometimes, we can rely on agreed-on procedures or policies among users rather than enforcing security through hardware or software means. In fact, some of the simplest controls, such as frequent changes of passwords, can be achieved at essentially no cost but with tremendous effect. Training and administration follow immediately after establishment of policies, to reinforce the importance of security policy and to ensure their proper use. We must not forget the value of community standards and expectations when we consider how to enforce security.

Physical Controls

Some of the easiest, most effective, and least expensive controls are physical controls. Physical controls include locks on doors, guards at entry points, backup copies of important software and data, and physical site planning that reduces the risk of natural disasters. Often the simple physical controls are overlooked while we seek more sophisticated approaches.

Effectiveness of Controls

Merely having controls does no good unless they are used properly. Let us consider several aspects that can enhance the effectiveness of controls.

Awareness of Problem

People using controls must be convinced of the need for security. That is, people will willingly cooperate with security requirements only if they understand why security is appropriate in a given situation. However, many users are unaware of the need for security, especially in situations in which a group has recently undertaken a computing task that was previously performed with lax or no apparent security.

Likelihood of Use

Of course, no control is effective unless it is used. The lock on a computer room door does no good if people block the door open. As Sidebar 1-7 tells, some computer systems are seriously uncontrolled.

Principle of Effectiveness: Controls must be used, and used properly, to be effective. They must be efficient, easy to use, and appropriate. This principle implies that computer security controls must be efficient enough, in terms of time, memory space, human activity, or other resources used, that using the control does not seriously affect the task being protected. Controls should be selective so that they do not exclude legitimate accesses.

Overlapping Controls

As we have seen with fortress or home security, several different controls may apply to address a single vulnerability. For example, we may choose to implement security for a microcomputer application by using a combination of controls on program access to the data, on physical access to the microcomputer and storage media, and even by file locking to control access to the processing programs.

Periodic Review

Few controls are permanently effective. Just when the security specialist finds a way to secure assets against certain kinds of attacks, the opposition doubles its efforts in an attempt to defeat the security mechanisms. Thus, judging the effectiveness of a control is an ongoing task.

Hardware and Software Security

Chapters 3 through 7 address the role of security in general programs, operating systems, database management systems, and networks. In particular, the security problems and features of programs are introduced in Chapter 3. Here, we look at viruses and other malicious code and ways to devise controls against them. Operating systems are considered separately, in Chapter 4, because they play a major role in security and are fundamental to proper computer usage. While providing security features to protect one user from another, operating systems can at the same time introduce security vulnerabilities themselves. Chapter 5 focuses on a special type of operating system, called a trusted operating system, to study how to make certain data and functions accessible only to those who have the need or permission to view or handle them. This chapter is especially important for those developers who plan to design their own operating systems or modify functions in an existing operating system. Database management systems are also specialized programs: they permit many users to share access to one common set of data. Because these systems are partially responsible for the confidentiality, integrity, and availability of the shared data, we look at database security in Chapter 6. Chapter 7 contains material on security problems and solutions particular to computer

problems at once.

1.8. Terms and Concepts

Virus, Trojan horse, worm, rabbit, salami, firewall, spray paint, mental poker, orange book, wardialer. The vocabulary of computer security is rich with terms that capture your attention. Also, the field is filled with acronyms: DES, AES, RSA, TCSEC, CTCPEC, ITSEC, PEM, PGP, and SSE-CMM, to list a few. All of these are explained in this book.

1.9. Where the Field Is Headed

The number of computer security professionals is growing rapidly, but so, too, is the number of attackers. The U.S. CERT and its counterpart organizations around the world do an exceptional job of tracking serious system vulnerabilities and countermeasures. Several efforts are underway to categorize and catalog computer security incidents and vulnerabilities (for example, Landwehr et al. [LAN94]). Being able to sort and correlate incident information is critical to successful forensic analysis of large incidents.

Obviously, the popular attack point today is computer networks and, specifically, the Internet. Do not be misled, however, into thinking that all computer security is network security. As you will see throughout the remainder of this book, network security problems are often just the latest instantiation of computer security problems that predate the rise of the Internet: problems such as identification and authentication, limited privilege, and designing for security. So although the problems of networks are pressing, they are long-standing, open problems.