
International diploma in Computing Computer security (C2025) Assignment Term Two 2008 Cyber security

Student name: Student ID:

International Diploma in Computing Computer security (C2025) Assignment Term Two 2008 Student name: Student ID: Title: Cyber security

Contents

1. Introduction
2. Cyber Security
3. Cyber Attack
4. Cyber Security Technologies
5. Conclusion

1. Introduction

It seems that everything relies on computers and the Internet nowadays, from communication and education to entertainment. There is no doubt that computers and telecommunications bring a lot of convenience to our lives. Unfortunately, although most people use the Internet as a powerful and beneficial tool for communication and education, some individuals exploit the power of the Internet for criminal or terrorist purposes.

The cyber world is a virtual space created by electronic communication between computers. It is not the real world, but everything in it happens in real time. This virtual world enhances our quality of life, saves us much time and brings the world closer together. In the cyber world you can do anything you want, and everything you do really happens. The cyber world is another arena in which human behavior from the real world is mimicked. Activities and behaviors in the cyber world can be positive or negative, just as they are in the real world, and negative activities and behaviors may affect others in the cyber world.


2. Cyber Security

Anyone with a computer can connect to the cyber world through the Internet. The Internet provides services 24 hours a day for information access, credit and financial services, and shopping, and it lets us communicate around the world. Unfortunately, many computer systems and networks are not designed with security in mind. As a result, some individuals exploit the Internet to perform criminal actions and other harmful acts. An attacker may gain unauthorized access to your computer and use that access to steal your identity, commit fraud, or even launch cyber attacks against others. A variety of cyber security technologies have therefore been invented to defend against the increasing threat of cyber attack.

Many attacks on the Internet have no particular target. The attacker simply sends a large broadcast that uses any unprotected system as a staging point from which to launch an attack. Using computers without basic protections such as a firewall, anti-virus software and user education not only affects your own business but also helps viruses spread around the Internet. A system's lack of protection makes you a target: an attack can destroy your computer and your network, and can contribute to a virus distribution that slows or halts portions of the Internet.

All of us who use the Internet have a responsibility to maintain a culture of security in order to increase consumer and business confidence. A security scheme should be adopted to protect the cyber world.

The cyber world is a combination of computers and networks. Cyber security has to protect these two main items so that services are provided with confidentiality, integrity and availability.

Confidentiality - Cyber security protects information that should be available only to those who rightfully have access to it. Private and sensitive information is stored safely and transferred only to those who have the right to access it.

Integrity - Cyber security protects information that should be modified only by those who are authorized to do so. It can be confirmed that the information comes from a trusted source.

Availability - Cyber security protects information that should be accessible to those who need it. Timely and uninterrupted service can be provided.

Cyber security technologies are the means of preventing and detecting cyber attacks. Some attacks arise from user misuse that leads to virus infection, which can be detected and filtered. Other attacks, such as unauthorized access by intruders and denial of service, can be prevented by secure network design. Although cyber security technologies cannot prevent every possible attack, a cyber security plan helps to reduce the risk of being attacked and to reduce the time needed for backup and recovery.


3. Cyber Attack

The term cyber attack describes crimes that occur in a virtual world, as opposed to tangible attacks such as war. A targeted cyber attack is one in which the attacker specifically targets a person or a company. A successful attack typically allows the attacker to gain access to the victim's assets, to steal sensitive internal data, and possibly to cause disruption and denial of service. Victims of such attacks typically suffer financial losses and might also lose credibility.

Most attacks on the Internet are opportunistic rather than targeted at a specific entity. In an opportunistic attack, the attacker targets many different parties using one or more generic methods, in the hope that some of them will be vulnerable. The attacker has a large number of targets and cares less about who the victim is than about how many victims there are. Individual organizations nevertheless remain potential victims of targeted attacks. A targeted attack is much more effective and damaging for the victim because the actions performed by the malicious hacker are tailored.

Some common cyber attacks are listed below.

Email

The basic email protocols (RFC) do not provide any authentication of the "From" address. Attackers use various methods to fool victims into visiting a malicious website while pretending to be a trusted sender, for example by imitating a well-known domain name with one letter altered or by exploiting vulnerabilities in web browsers. An attacker can also run his own code on the victim's computer by attaching an executable to the email message. This common attack is known as a "Mass Mailing Worm".

Trojan horse

A Trojan horse program is a common way for intruders to trick you (sometimes referred to as "social engineering") into installing "back door" programs. These can allow intruders easy access to your computer without your knowledge, change your system configuration, or infect your computer with a computer virus.

Worms

Worms are viruses that spread through computer networks. They replicate themselves from machine to machine over the network. They can replicate many times, and their malicious code can create new versions of themselves.

Network Attack


An attacker can obtain the location (IP address) of a company through email and similar technologies, or through its gateway. The attacker then enumerates the IP address pool belonging to the victim and the services exposed to the Internet, such as SMTP, HTTP or VPN. Version information helps the attacker to determine whether a service is running up-to-date software with all security fixes, or to audit the software for new, unknown security flaws. For example, if the target is known to be running IIS 6 with a specific commercial or open-source web application, the attacker is likely to download that web application and learn all about its default settings, how it implements security and where sensitive files are stored.

Distributed denial of service attacks

A DDoS (Distributed Denial of Service) attack lets the attacker knock his victims offline rather than steal information. The attack typically consists of flooding the network with packets until it reaches its limits. As a result, legitimate requests are lost, or at least the service becomes too slow to work with. The attacker first compromises a large number of victims through opportunistic attacks, and then directs those thousands of systems to attack a single server or network.

Bypassing security mechanisms

Bypassing traditional anti-virus

The attacker usually creates a custom-made program and delivers it to the victims. Anti-virus software tries to match the attacker's program against a list of known viruses, so a custom-made program will probably bypass it.

Bypassing firewall

An attacker can attack servers that are not fully protected by a firewall and hop from server to server. Some administrators open the firewall to allow server-to-server access for themselves; attackers can follow the administrator's steps and do the same.


4. Cyber Security Technologies:

Public communication networks have traditionally not been secure, in the sense that they do not provide a high level of security for the information they transmit. As these networks are increasingly used for commercial transactions, the need to provide security becomes critical. Some commonly used technologies for managing cyber security are described below.

Firewall System

A firewall is a very good security solution, especially for covering up vulnerable services that should never be exposed to aggressive networks such as the Internet. A well-configured firewall minimizes exposure and allows the administrator to focus on securing the more sensitive or vulnerable parts of the network. A firewall is implemented in a computer or a router, and its role is to control external access to internal information and services. Various fields in arriving packets are examined to determine whether the packets should be allowed to pass or be discarded. These fields can include source and destination IP addresses, TCP/UDP port numbers, ICMP message types and fields inside the IP and TCP payloads.

There are three common types of firewall filtering:

Packet filtering


Packet filters can filter packets based on protocol, source or destination port number and source or destination address, or computer name. IP packet filters are static, and communication through a specific port is either allowed or blocked. Blocked packets are usually logged, and a secure packet filter denies by default.

Circuit-level filtering

Circuit-level filters inspect sessions rather than payload data. An inbound or outbound client makes a request directly against the firewall/gateway, and in turn the gateway initiates a connection to the server and acts as a broker between the two connections. With knowledge of application connection rules, circuit level filters ensure valid interactions. They do not inspect the actual payload, but they do count frames to ensure packet integrity and prevent session hijacking and replaying.

Application filtering

Application filters can analyze a data stream for an application and provide application-specific processing, including inspecting, screening or blocking, redirecting, and even modifying the data as it passes through the firewall. Application filters protect against attacks such as unsafe SMTP commands, attacks against internal DNS servers and HTTP-based attacks.

Cryptography

Cryptography is the science of using mathematics to encrypt and decrypt data. It enables users to store sensitive information or transmit it across insecure networks (such as the Internet) so that it cannot be read by anyone except the intended recipient. A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key (a word, number or phrase) to encrypt the plaintext. The same plaintext encrypts to different ciphertext with different keys. The cryptographic algorithm, all possible keys and all the protocols that make it work comprise a cryptosystem.

Data Encryption Standard (DES)


DES is the most widely used shared-key cryptosystem. In the encryption process, DES first divides the original message into blocks of 64 bits. Each block is then separately encrypted into a block of 64-bit ciphertext. DES uses a 56-bit secret key and the encryption algorithm has 19 steps. Decryption basically runs the algorithm in reverse order.

Each step in the DES algorithm takes a 64-bit input from the preceding step and produces a 64-bit output for the next step. The first step performs an initial permutation of the 64-bit plaintext that is independent of the key. The last step performs a final permutation that is the inverse of the initial permutation. The next-to-last step swaps the 32 bits on the left with the 32 bits on the right. Each of the remaining 16 iterations performs the same function but uses a different key.

The key at each iteration is generated from the key at the preceding iteration. First a 56-bit permutation is applied to the key. Then the result is partitioned into two 28-bit blocks, each of which is independently rotated left by some number of bits. The combined result undergoes another permutation. Finally a subset of 48 bits is used as the key for the given iteration.

Pretty Good Privacy (PGP)


PGP is a hybrid cryptosystem. When a user encrypts plaintext with PGP, PGP first compresses the plaintext and creates a session key, which is a one-time-only secret key. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipient's public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient.

Decryption works in the reverse. The recipient's PGP uses his or her private key to recover the temporary session key, and PGP then uses the key to decrypt the conventionally-encrypted ciphertext.

Content Filtering

Content filtering is the technique of blocking or allowing content based on analysis of the content itself, rather than its source or other criteria. It is widely used on the Internet to filter email and web access. Content filtering can be divided into Web filtering, the screening of Web sites or pages, and e-mail filtering, the screening of e-mail for spam or other objectionable content.

Content filtering of email


Content filtering of email is the most common method of filtering spam. Content filters act on the email content, that is, the information contained in the mail body or in the mail headers, to classify, accept or reject a message. Anti-virus methods can usually be classified as content filters too, since they scan simplified versions of either the binary attachments of mail or the HTML contents. Content filters can also analyze data and either restrict or change it.
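A small content filter acting on mail headers and attachments, as an added example in Python (not part of the original assignment). It checks for the two email attack patterns described in section 3: a sender domain that differs from a trusted one by a single letter, and an executable attachment. The trusted domain, the extension list and the sample message are constructed for the illustration.

```python
import email
from email import policy
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example-bank.com"}   # assumption: senders the organisation expects
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".bat", ".vbs")

# Constructed sample: lookalike sender domain plus an executable attachment.
SAMPLE_MESSAGE = """\
From: "Example Bank" <alerts@examp1e-bank.com>
To: user@example.org
Subject: Your statement
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See the attached statement.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.pdf.exe"
Content-Transfer-Encoding: base64

ZHVtbXk=
--b1--
"""

def one_letter_apart(a, b):
    """True if b is a with exactly one character substituted, inserted or deleted."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]

def classify(raw_message):
    """Return (verdict, reasons) based on the From header and attachment names."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    reasons = []
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if any(one_letter_apart(domain, trusted) for trusted in TRUSTED_DOMAINS):
        reasons.append(f"lookalike sender domain: {domain}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(BLOCKED_EXTENSIONS):
            reasons.append(f"executable attachment: {name}")
    return ("reject" if reasons else "accept"), reasons
```

Since the "From" address is not authenticated, a message that uses the exact trusted domain passes the lookalike check; the check only catches near-miss domains.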

Content filtering of web content

A Web filter is a program that screens an incoming Web page to determine whether some or all of it should not be displayed to users. The filter checks the origin or content of a Web page against a set of rules provided by the company or person who installed the Web filter. A Web filter allows an enterprise or individual user to block out pages from Web sites that are likely to include objectionable advertising, pornographic content, spyware, viruses, and other objectionable content. Some Web filters also provide a reporting function so that the installer can see what kind of traffic is being filtered and who has requested it. They provide soft blocking (in which a warning page is sent to the user instead of the requested page while still allowing access to the page) and an override capability that allows an administrator to unlock a page.

Separate Network

When a network attack occurs on an open network, the attacker will be able to attack other hosts on the same network. The solution is to physically separate different networks and apply access control between the different sections of the network.


5. Conclusion

Everyone should be aware of cyber security and has a responsibility to protect the confidentiality, integrity, and availability of information. In today's highly networked systems environment, all individuals are required to:

• Understand their roles and responsibilities related to the security mission
• Understand the organization's information technology security policy, procedures, and practices
• Have at least adequate knowledge of the various management, operational and technical controls required and available to protect the IT resources/network environment of their areas of responsibility

The aim is to produce security behaviors that are automatic. The goal is to make "thinking security" a natural reflex for everyone in the organization. Awareness activities can be built on these reflexes for both the security professional and the everyday user.

-- End of Document --
