1|Page
4. What is computer security?
Ans :
The term computer security has different interpretations depending on the era the term describes.
Early on, computer security specialized in keeping the "glass house" in which the computer core was positioned
safe from vandalism, along with providing constant cooling and electricity. As computers became more
dispersed, security became more a matter of preserving data and protecting its validity, as well as keeping it
secret.
4. Spyware. Spyware is malware designed to spy on the victim's computer. If you are infected
with it, your daily activity, or certain activities, will probably be monitored by the spyware, and it will
find a way to contact the host (operator) of this malware.
5. Backdoor. A backdoor is not really malware in itself, but a method of access: once a system is
vulnerable to this method, the attacker is able to bypass all of the regular authentication services. It
is usually installed before any virus or Trojan infection, because having a backdoor in place
eases the transfer of those threats.
6. DDoS. One of the most famous things done by Anonymous is to send millions of requests to
a single server to bring the system down with certain security features disabled, so that they can
carry out their data theft. This trick of sending a great deal of traffic to one machine is known as
Distributed Denial of Service, or DDoS.
4. Human authentication is the verification that a person, not the computer, initiated the transaction.
Challenge-response authentication is an authentication method used to prove the identity of a user
logging onto the network.
5. When a user logs on, the network access server (NAS), wireless access point or authentication server
creates a challenge, typically a random number, and sends it to the client machine.
6. The client software uses its password to encrypt the challenge with an encryption algorithm or a one-way
hash function and sends the result back to the network. This is the response.
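The exchange described in points 5 and 6, as an added Python example that is not part of the original notes: the server issues a random challenge, the client answers with a keyed one-way function of it, and the server recomputes and compares. HMAC-SHA256 as the one-way function, the user name and the shared secret are assumptions.

```python
import hmac
import hashlib
import secrets

# Constructed credential store: the server's copy of the shared secret.
# Classic challenge-response as described needs the server to hold the
# password (or a key derived from it) so it can recompute the response.
SHARED_SECRETS = {"alice": b"correct horse battery staple"}

def make_challenge() -> bytes:
    """Server step: a fresh random challenge, sent to the client in the clear."""
    return secrets.token_bytes(16)

def compute_response(password: bytes, challenge: bytes) -> bytes:
    """Client step: one-way function of the challenge keyed with the password.
    HMAC-SHA256 is assumed here as the page's 'one-way hash function'."""
    return hmac.new(password, challenge, hashlib.sha256).digest()

def verify(username: str, challenge: bytes, response: bytes) -> bool:
    """Server step: recompute the expected response and compare in constant
    time. The password itself never crosses the network."""
    password = SHARED_SECRETS.get(username)
    if password is None:
        return False
    expected = compute_response(password, challenge)
    return hmac.compare_digest(expected, response)

def run_exchange(username: str, client_password: bytes) -> bool:
    """Full exchange: server challenges, client responds, server checks."""
    challenge = make_challenge()
    response = compute_response(client_password, challenge)
    return verify(username, challenge, response)

def replay_fails(username: str, client_password: bytes) -> bool:
    """Why the challenge must be random: a response captured for one challenge
    is useless against the next one. Returns True when the replay is rejected."""
    first = make_challenge()
    captured = compute_response(client_password, first)
    second = make_challenge()
    return not verify(username, second, captured)

if __name__ == "__main__":
    print("genuine client :", run_exchange("alice", b"correct horse battery staple"))
    print("wrong password :", run_exchange("alice", b"wrong"))
    print("replay rejected:", replay_fails("alice", b"correct horse battery staple"))
```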
o Generally referred to as hackers or crackers
o Unauthorized users
o Authorized users who misuse their privileges
o Accessing computer systems and networks without authorization
| Intruders | Insiders |
|---|---|
| 1. Intruders are authorized or unauthorized users who try to access a system or network | 1. Insiders are authorized users who try to access a system or network for which they are authorized |
| 2. Intruders are hackers or crackers | 2. Insiders are not hackers |
| 3. Illegal users | 3. Legal users |
| 4. Less dangerous than insiders | 4. More dangerous than intruders |
| 5. Intruders have to study/gain knowledge about the security system | 5. Insiders already have knowledge of the security system |
| 6. Intruders do not have access to the system | 6. Easy access to the system |
| 7. Many security mechanisms are used to protect the system from intruders | 7. There is no such mechanism to protect the system from insiders |
This is called the TCP three-way handshake, and is the foundation for every connection established using the
TCP protocol.
A SYN flood attack works by not responding to the server with the expected ACK code. The malicious client
can either simply not send the expected ACK, or by spoofing the source IP address in the SYN, causing the
server to send the SYN-ACK to a falsified IP address - which will not send an ACK because it "knows" that it
never sent a SYN.
The server will wait for the acknowledgement for some time, as simple network congestion could also be the
cause of the missing ACK, but in an attack increasingly large numbers of half-open connections will bind
resources on the server until no new connections can be made, resulting in a denial of service to legitimate
traffic. Some systems may also malfunction badly or even crash if other operating system functions are starved
of resources in this way.
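A defender-side check for the condition described above, added here as a Python example (not part of the original notes): it parses a constructed netstat-style snapshot of the server's TCP table and reports, per listening port, how many connections are stuck half-open (SYN_RECV: SYN-ACK sent, final ACK never received) versus established. The row format, addresses and the threshold of 5 are assumptions.

```python
# Constructed netstat-style snapshot of a web server's TCP table (not real data).
# From the server's view a half-open connection sits in SYN_RECV: the SYN-ACK
# went out and the final ACK of the three-way handshake never came back.
SAMPLE_NETSTAT = """\
tcp 0 0 10.0.0.5:443 203.0.113.10:51522 ESTABLISHED
tcp 0 0 10.0.0.5:443 203.0.113.11:40211 ESTABLISHED
tcp 0 0 10.0.0.5:443 198.51.100.1:1024 SYN_RECV
tcp 0 0 10.0.0.5:443 198.51.100.2:1025 SYN_RECV
tcp 0 0 10.0.0.5:443 198.51.100.3:1026 SYN_RECV
tcp 0 0 10.0.0.5:443 198.51.100.4:1027 SYN_RECV
tcp 0 0 10.0.0.5:443 198.51.100.5:1028 SYN_RECV
tcp 0 0 10.0.0.5:443 198.51.100.6:1029 SYN_RECV
tcp 0 0 10.0.0.5:22 203.0.113.10:51600 ESTABLISHED
"""

def parse_states(snapshot: str) -> list[tuple[str, str, str]]:
    """Return (local_port, remote_ip, state) for every TCP row in the snapshot."""
    rows = []
    for line in snapshot.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[0] != "tcp":
            continue  # skip headers or malformed rows
        local_port = parts[3].rsplit(":", 1)[1]
        remote_ip = parts[4].rsplit(":", 1)[0]
        rows.append((local_port, remote_ip, parts[5]))
    return rows

def half_open_report(snapshot: str, threshold: int = 5) -> dict[str, dict]:
    """Per listening port: half-open count, established count, and how many
    distinct sources sit behind the half-open entries. Many half-open entries
    from many one-off sources is the pattern the text describes (spoofed SYNs
    whose SYN-ACK is never acknowledged). `threshold` is an assumed tuning value."""
    report: dict[str, dict] = {}
    for port, ip, state in parse_states(snapshot):
        entry = report.setdefault(port, {"half_open": 0, "established": 0, "sources": set()})
        if state == "SYN_RECV":
            entry["half_open"] += 1
            entry["sources"].add(ip)
        elif state == "ESTABLISHED":
            entry["established"] += 1
    for entry in report.values():
        entry["distinct_sources"] = len(entry.pop("sources"))
        entry["suspected_syn_flood"] = entry["half_open"] >= threshold
    return report

if __name__ == "__main__":
    for port, info in half_open_report(SAMPLE_NETSTAT).items():
        print(port, info)
```

On a live host the same logic runs over the output of `netstat -tan` or `ss -tan`; the state names are those Linux prints.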
DDoS:
1. DDoS, short for Distributed Denial of Service, is a type of DoS attack in which multiple compromised
systems -- usually infected with a Trojan -- are used to target a single system, causing a Denial
of Service (DoS). Victims of a DDoS attack include both the end target and all the
systems maliciously used and controlled by the hacker in the distributed attack.
2. DDoS stands for Distributed Denial of Service. As the name suggests, a DDoS is typically launched
from a distributed network of computers, and may be coordinated by one computer.
3. By overloading the target computer or network with requests to access some part of it, the computers
carrying out a DDoS may be able to overwhelm the target system.
4. As a result, the target computer or network’s resources are totally consumed by its attempts to respond to
these requests and the target is consequently unable to carry out its routine tasks. This means that its
users are denied the services which it usually provides.
5. Credit card and bank websites have been the targets of such attacks in the past, and this has resulted in
their customers being unable to use their pages.
Spoofing is making data appear as if it has come from a different source. This is possible in
TCP/IP because of the friendly assumptions behind the protocols. The assumption at the time of
protocol development was that anyone with access to the network layer would be a privileged
user who could be trusted.
When a packet is sent from one system to another, it includes not only the destination IP
address and port but the source IP address as well, and nothing verifies that source. Forging it is one of several forms of spoofing.
1. E-mail Spoofing :
a. E-mail spoofing can be easily accomplished, and there are several different ways to do
it and programs that assist in doing so. E-mail spoofing refers to e-mail that
appears to have originated from one source but was actually sent from another
source. The best-known examples of e-mail spoofing are spam and junk mail.
b. A very simple method of spoofing an e-mail address is to telnet to port 25, the port
associated with e-mail on a system. From there, any address can be filled in for the From
and To fields of the message, whether or not the addresses belong to the sender and whether
or not they actually exist. There are simple ways to determine that an e-mail message
was probably not sent by the claimed source, but most users do not question their e-mail and
will accept it.
2. URL Spoofing :
a. An attacker acquires a URL close to the one they want to spoof, so that e-mail sent from
their system appears to have come from the official site.
b. For example, if attackers wanted to spoof XYZ Corporation, which owns XYZ.com,
the attackers might gain access to the URL XYZ.Corp.com. An individual receiving a
message from the spoofed corporate site would not normally suspect it to be a spoof
but would take it to be official. This same method can be, and has been, used to spoof
web sites.
3. IP Address Spoofing :
a. The IP protocol is designed to carry the originator's own IP address in the "From"
portion of the packet. Nothing prevents a system from inserting a different address
in the "From" portion of the packet; doing so is known as IP address spoofing.
b. An IP address may be spoofed for several reasons. For example, in a specific DoS attack known as a
smurf attack, the attacker sends a spoofed packet to the broadcast address of a network, which
distributes the packet to all systems on that network.
c. In this attack, the packet sent by the attacker to the broadcast address is an echo request with a
fake From address, so that it appears that another system made the echo request. A system's
normal response to an echo request is an echo reply; this is what the ping utility uses to let a user
know whether a remote system is reachable and responding. In the smurf attack, the request is sent
to all systems on the network, so all of them respond with an echo reply to the target system.
14. Explain different models of access controls.
Ans:
Access control: It is the process of deciding who can use specific systems, resources, and applications.
An access control model is a defined set of criteria a system administrator uses to define system users'
rights. There are three main access control models: Mandatory Access Control (MAC), Discretionary
Access Control (DAC), and Role Based Access Control (RBAC). In addition, a Rule Based Access Control
(also abbreviated RBAC) model is useful for managing permissions across multiple systems.
The mandatory access control model assigns users' roles strictly according to the system administrator's
wishes. This is the most restrictive access control method because the end user cannot set any access controls on
files. Mandatory access control is popular in highly secretive environments, such as the defense industry, where
errant files can jeopardize national security.
Discretionary access control is at the other end of the access spectrum, differing from the mandatory access
model in that it is the least restrictive of the three models. Under the discretionary access model the end user has
complete freedom to assign any rights to objects that he wishes. This level of complete control over files can be
dangerous, because if an attacker or malware compromises the account then the malicious user or code will have
complete control as well.
Role based access control creates permissions by assigning access rights to specific roles or jobs within the
company; RBAC then assigns users to those roles, thereby granting privileges. This access control model
functions effectively in actual organizations because files and resources are assigned permissions according to
the roles that require them. For instance, a system administrator may create an access role for managers only. So
a user would need to be assigned the role of a manager to use those resources.
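The three models side by side, as an added Python example that is not part of the original notes: under MAC the administrator's labels decide and users cannot change them, under DAC the object's owner rewrites the ACL at will (which is the risk the answer points out), and under RBAC rights follow roles rather than individual users. All users, objects, labels and the MAC comparison rule are constructed assumptions.

```python
# Constructed users, objects and policies for illustration (not from the page).

# Mandatory access control: labels are fixed by the administrator and users
# cannot alter them. The "read only at or below your clearance" rule is an
# assumption; the page only says the administrator dictates access.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}
MAC_CLEARANCE = {"alice": "secret", "bob": "public"}
MAC_LABELS = {"budget.xls": "confidential", "press_release.txt": "public"}

def mac_can_read(user: str, obj: str) -> bool:
    return LEVELS[MAC_CLEARANCE[user]] >= LEVELS[MAC_LABELS[obj]]

# Discretionary access control: the object's owner edits its ACL at will, which
# is exactly why a compromised owner account hands the attacker the same power.
DAC_OWNER = {"notes.txt": "alice"}
DAC_ACL = {"notes.txt": {"alice": {"read", "write"}}}

def dac_grant(acting_user: str, obj: str, grantee: str, right: str) -> bool:
    """Only the owner may change the ACL; returns False for anyone else."""
    if DAC_OWNER.get(obj) != acting_user:
        return False
    DAC_ACL.setdefault(obj, {}).setdefault(grantee, set()).add(right)
    return True

def dac_allowed(user: str, obj: str, right: str) -> bool:
    return right in DAC_ACL.get(obj, {}).get(user, set())

# Role-based access control: permissions attach to roles, users to roles.
# Granting a user a right means assigning a role, not editing the object.
ROLE_PERMS = {"manager": {("payroll", "read"), ("payroll", "approve")},
              "clerk": {("payroll", "read")}}
USER_ROLES = {"alice": {"manager"}, "bob": {"clerk"}, "carol": set()}

def rbac_allowed(user: str, obj: str, action: str) -> bool:
    return any((obj, action) in ROLE_PERMS[r] for r in USER_ROLES.get(user, set()))

if __name__ == "__main__":
    print("MAC : bob reads budget.xls  ->", mac_can_read("bob", "budget.xls"))
    print("DAC : bob reads notes.txt   ->", dac_allowed("bob", "notes.txt", "read"))
    dac_grant("alice", "notes.txt", "bob", "read")   # owner decides, no admin involved
    print("DAC : after alice's grant   ->", dac_allowed("bob", "notes.txt", "read"))
    print("RBAC: bob approves payroll  ->", rbac_allowed("bob", "payroll", "approve"))
```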
Malfunction
Both equipment and software malfunction threats can impact upon the operations of a website or web
application. All assets required for the operation of the web system must be identified to be able to evaluate the
threats. Malfunction of software is usually due to poor development practices where security has not been built
into the software development life cycle.
Malware
Malware, or malicious software, comes in many guises. Web servers are popular targets to aid distribution of
such code and sites which have vulnerabilities that allow this are popular targets.
Spoofing
Spoofing, where a computer assumes the identity of another, and masquerading, where a user pretends to be
another, usually one with higher privileges, can be used to attack web systems to poison data, deny service or
damage systems.
Scanning
Scanning of web systems is usually part of network or application fingerprinting prior to an attack, but also
includes brute force and dictionary attacks on usernames, passwords and encryption keys.
Eavesdropping
Monitoring of data (on the network, or on users' screens) may be used to uncover passwords or other sensitive
data.
Scavenging
Examining 'found' data from accessible sources such as the network, search engines and waste. The actual target
information could be found this way, but more often scavenging is used to select other attacks based on vulnerabilities
known to exist for the web system's components (e.g. operating system, firewall type, server software, application
software).
Spamming
Overloading a system through excessive traffic can lead to denial of service for other users or system failure.
Out of band
Network attack techniques such as tunneling to access low level system functions can mean the target such as a
router or server can be taken over. Once an attacker has control, this can be used to attack other assets required
for the continued operation of a web site.
| Virus | Worms |
|---|---|
| 1. A virus is a piece of code that attaches itself to a legitimate program | 1. A worm is a malicious program that spreads automatically |
| 2. A virus modifies the code | 2. A worm does not modify the code |
| 3. It does not replicate itself | 3. It replicates itself |
| 4. The aim of a virus is to infect code or programs stored on the computer system | 4. The aim of a worm is to make the computer or network unusable |
| 5. A virus can infect other files | 5. A worm does not infect other files but occupies memory space by replicating |
| 6. A virus may need a trigger for execution | 6. A worm does not need any trigger |
| 7. A virus is destructive in nature | 7. A worm is non-destructive in nature |