Professional Documents
Culture Documents
Dolly Sharma
Ph.D., M. Tech. & B.Tech
Associate Professor
Amity School of Engineering and Technology, Amity University, Noida
Vanshika Rastogi
M.Tech & B.Tech
Assistant Professor
KCC Institute of Technology & Management, Greater Noida
Prabhakar Sharma
M.Tech (CDAC-Mohali) & B. Tech
Assistant Professor
ITS Engineering College, Greater Noida
PREFACE
We are extremely happy to come out with this book entitled “Computer System
Security – Basic Concept and Applications”. This book is for B.Tech (CSE/IT)
and MCA students of Dr. A.P. J. Abdul Kalam Technical University, Uttar Pradesh,
Lucknow. This book can also be followed by Engineering and MCA students of
other Universities. Postgraduates and Researchers will be the equal beneficiaries.
This book will help them to comprehend the basic concepts of Cyber Security.
Technology is a set of tools to improve the productivity, quality, and joy that they
get from their work. Security is an essential part of today’s cyber world. Everything,
from chat to shopping is on the internet today and thus, whatever we do online
needs to be protected and made secure. In this book, we have tried to emphasise on
the importance of security, various types of attacks, threats, vulnerabilities and
security at different levels. The topics have been presented in a form that is easy to
read and understand.
This book addresses the answer to the following questions related to computer
security:
• What are the different security architectures?
• What are the marketplaces for vulnerabilities?
• How can we defend against Control Hijacking?
• What is the Confinement principle?
• What are the various Access Control mechanisms?
• How can we have a secure web environment?
• What is Cryptography?
• How do we provide security at various levels of networking?
The book is divided into small chapters to make the concept clear. After each
chapter, exercise has been given to apply the knowledge gained. In the book, each
chapter contains exemplary problems and images to make the understanding better.
We hope, the book provides you a good knowledge about the world of Computer
System Security. We have tried to make every concept easy to read and understand.
SYLLABUS
KNC-301: COMPUTER SYSTEM SECURITY
UNIT-I
Computer System Security Introduction:
Introduction, What is computer security and what to l earn?, Sample Attacks, The Marketplace
for vulnerabilities, Error 404 Hacking digital India part 1 chase.
Hijacking & Defense:
Control Hijacking, More Control Hijacking attacks integer overflow, More Control Hijacking
attacks format string vulnerabilities, Defense against Control Hijacking - Platform Defenses,
Defense against Control Hijacking - Run-time Defenses, Advanced Control Hijacking attacks.
UNIT-II
Confidentiality Policies:
Confinement Principle, Detour Unix user IDs process IDs and privileges, More on confinement
techniques, System call interposition, Error 404 digital Hacking in India part 2 chase, VM
based isolation, Confinement principle, Software fault isolation, Rootkits, Intrusion Detection
Systems
UNIT-III
Secure architecture principles isolation and leas:
Access Control Concepts, Unix and windows access control summary, Other issues in access
control, Introduction to browser isolation.
Web security landscape:
Web security definitions goals and threat models, HTTP content rendering. Browser isolation.
Security interface, Cookies frames and frame busting, Major web server threats, Cross site
request forgery, Cross site scripting, Defenses and protections against XSS, Finding
vulnerabilities, Secure development.
UNIT-IV
Basic cryptography:
Public key cryptography, RSA public key crypto, Digital signature Hash functions, Public
key distribution, Real world protocols, Basic terminologies, Email security certificates,
Transport Layer security TLS, IP security, DNS security.
UNIT-V
Internet Infrastructure:
Basic security problems, Routing security, DNS revisited, Summary of weaknesses of internet
security, Link layer connectivity and TCP IP connectivity, Packet filtering firewall, Intrusion
detection.
SYLLABUS
KNC-301: COMPUTER SYSTEM SECURITY
CHAPTER-I
Computer System Security: Introduction, Computer Security and Architecture, The OSI
Architecture, Security Attacks, The Marketplace for Vulnerabilities, Common Computer
Security Vulnerabilities, Causes and Harms of Computer Security Vulnerabilities, A Model
for Network Security, Case Study: Hacking Digital India Part 1 Chase.
CHAPTER-II
Hijacking & Defense: Control Hijacking, Buffer Overflow Attacks, Control Hijacking Attacks
from String Vulnerabilities, Defense against Control Hijacking, Platform Defenses, Run-Time
Defenses.
CHAPTER-III
Confidentiality Policies: Confinement Principle, Detour Unix User IDs Process IDs and
Privileges, Basic Concepts of UNIX User IDs, Basic Permission Bits on Files and Directories,
UNIX-Access Control, System Call Interposition, Initial Implementation-JANUS, ptrace,
systrace, VM Based Isolation, Software Fault Isolation, Root Kits, Intrusion Detection Systems.
CHAPTER-IV
Secure Architecture Principles Isolation and Leas: Access Control Concepts, Discretionary
Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control
(RBAC), Issues in Access Control, Browser Isolation, How does it work, Advantages, CASE
STUDY- Access Control in Unix and Windows.
CHAPTER-V
Web security Landscape: Overview, HTTP, Features of HTTP, Architecture, Cookies, Major
Web Server Threats, Cross Site Request, Forgery, Cross Site Scripting, Defenses and
Protections against XSS, Finding Vulnerabilities, Secure Development.
CHAPTER-VI
Basic Cryptography: Public key Cryptography, RSA Public Key Cryptography, Generation of
RSA Key Pair, RSA Encryption, RSA Decryption, Digital Signature, Model of Digital Signature,
Encryption with Digital Signature, Importance of Digital Signature, Public Key Distribution, Email
Security Certificates, How does it work, Advantages, Transport Layer Security, TLS Advantages,
TLS Disadvantages, Working of TLS, IP Security, Components of IP Security, Working of IP
Security, Advantages, DNS Security, Types of Attacks, Measures against DNS Attacks.
CHAPTER-VII
Internet Infrastructure: Basic Security Problems, Routing Security, Weakness of Internet
Security, Common Security Problems, Means of Protection, Firewalls, Types of Firewalls,
How Firewalls work?
ACKNOWLEDGEMENTS
We are obliged to Almighty for everything that we have. We wish to express our profound
thanks to all those who helped in making this book a reality.
We are greatly thankful to Prof. J.P. Saini, Vice Chancellor (NSUT-Delhi), Prof. KV Arya,
Professor (IIITM-Gwalior), Prof. DS Yadav, Professor (IET-Lucknow), Prof. Raghuraj Singh,
Professor (HBTU-Kanpur), Prof. Vinay Rishiwal, Professor (Rohilkhand University, Bareilly),
Prof. P.K. Bharti, Vice Chancellor (SVU-Gajraula), Prof. K.P. Yadav, Vice Chancellor (Sangam
University-Bhilwara) and Prof. Deepak Garg, Professor (Bennett University-Greater Noida)
for their guidance while writing this book.
We would like to give our sincere thanks to Mr. Deepak Gupta (Chairman of KCC Institutes)
for his support.
We are thankful to Dr. R.K. Jain and all other staff members of JBC Press for making this
book a great reality. Best wishes to our students, enjoy learning “Computer System Security”.
We are Thankful to
Prof. R S Nirjar EX-Chairman, AICTE, Delhi
Prof. R P Yadav EX-VC, RTU, Kota
Prof. Brahmjit Singh Professor, NIT, Kurushetra
Prof. G S Yadava EX-Pro VC, Lingaya University, Faridabad
Prof. Sushrut Das Associate Professor, IIT, Dhanbad
Prof. Sudhir Kumar Director, Greater Noida College of Technology, Greater Noida
Prof. Ashish Gupta Professor, ITS Engg. College, Greater Noida
Prof. Sunil Kumar Director, IEC, Greater Noida
Prof. R L Yadav Professor, Galgotias College of Engineering Technology, Greater Noida
Prof. Pankaj Jha Associate Professor, IIMT, Greater Noida
Prof. C S Yadav Professor, NIET, Greater Noida
Prof. Kamlesh Rana Director, Accurate ITM, Greater Noida
Prof. R K Raghuvanshi Director, JIIMS, Greater Noida
Prof. Ghazala Naaz Professor, NIET, Greater Noida
Prof. Parmanand Dean, Sharda University
Prof. Rohit Garg Director, MIT, Moradabad
Prof. Ajay Kumar Director, Graphic Era University, Dehradun
Prof. Sanjay Singh Professor, ABES, Ghaziabad
Prof. Sapna Katiyar Professor, ABIT, Ghaziabad
Prof. Dharmendra Kumar Ass. Prof., Delhi Technical Campus, Greater Noida
Prof. Shivani Kaul Ass. Prof., KCC ITM, Greater Noida
Prof. Huma Khan Asst. Prof., KCC ITM, Greater Noida
Prof. Srinivas Aruonda Ass. Prof., KCC ITM, Greater Noida
Prof. Monu Singh Asst. Prof., KCC ITM, Greater Noida
Prof. Seema Srivastava Ass. Prof., KCC ITM, Greater Noida
Prof. Ravi B Singh Ass. Prof., KCC ITM, Greater Noida
Prof. Abhishek Swami Associate Professor, SGT University, Gurugram
Prof. Dilip Yadav Associate Professor, Galgotias University, Greater Noida
And all others who taught us, suggested us and helped us directly or indirectly.
CONTENTS
CHAPTER 1
COMPUTER SYSTEM SECURITY 1–12
1.1 INTRODUCTION 1
1.2 COMPUTER SECURITY AND ARCHITECTURE 2
1.2.1 The OSI Security Architecture 2
1.2.2 Threat 2
1.2.3 Attack 3
1.2.4 Security Attacks, Services and Mechanisms 3
1.3 SECURITY ATTACKS 4
1.3.1 Passive attack 4
1.3.2 Active attacks 6
1.4 THE MARKETPLACE FOR VULNERABILITIES 8
1.4.1 Common Computer Security Vulnerabilities 8
1.4.2 Causes and Harms of Computer Security Vulnerabilities 8
1.5 A MODEL FOR NETWORK SECURITY 9
1.6 CASE STUDY: Hacking Digital India Part 1 Chase 10
Exercise 11
CHAPTER 2
HIJACKING AND DEFENSE 13–20
2.1 CONTROL HIJACKING 13
2.1.1 Buffer Overflow attacks 13
2.1.2 Control Hijacking attack format string vulnerabilities 14
2.2 DEFENSE AGAINST CONTROL HIJACKING 15
2.2.1 Platform Defenses 16
2.2.2 Run-time Defenses 17
Exercise 19
x Computer System Security
CHAPTER 3
CONFIDENTIALITY POLICIES 21–34
3.1 CONFINEMET PRINCIPLE 22
3.2 DETOUR OF UNIX USER IDs, PROCESS IDs AND PRIVILIGES 22
3.2.1 Basic concepts of UNIX IDs 23
3.2.2 Basic Permission Bits on Files and Directories 23
3.2.3 UNIX-Access Control 23
3.3 SYSTEM CALL INTERPOSITION 26
3.3.1 Initial implementation-JANUS 27
3.3.2 Ptrace 29
3.3.3 Systrace 29
3.4 VIRTUAL MACHINE BASED ISOLATION 30
3.5 SOFTWARE BASED FAULT ISOLATION 31
3.6 ROOTKITS 31
3.7 INTRUSION DETECTION SYSTEM 32
Exercise 33
CHAPTER 4
SECURE ARCHITECTURE (PRINCIPLES, ISOLATION AND LEAS) 35–42
4.1 ACCESS CONTROL CONCEPTS 35
4.1.1 Discretionary Access Control (DAC) 35
4.1.2 Mandatory Access Control (MAC) 36
4.1.3 Role-Based Access Control (RBAC) 36
4.2 ISSUES IN ACCESS CONTROL 36
4.2.1 Appropriate role-based access 36
4.2.2 Poor password management 37
4.2.3 Poor user education 37
4.3 BROWSER ISOLATION 37
4.3.1 How does it work? 37
4.3.2 Advantages 38
4.4 CASE STUDY - ACCESS CONTROL IN UNIX AND WINDOWS 39
Exercise 42
CHAPTER 5
WEB SECURITY LANDSCAPE 43–56
5.1 OVERVIEW 43
5.2 HTTP 44
Computer System Security xi
CHAPTER 6
BASIC CRYPTOGRAPHY 57–74
6.1 PUBLIC KEY CRYPTOGRAPHY 57
6.1.1 Components of Public Key Encryption 58
6.1.2 Weakness of the Public Key Encryption 59
6.1.3 Applications 59
6.2 RSA PUBLIC KEY CRYPTOGRAPHY 59
6.2.1 Generation of RSA Key Pair 60
6.2.2 Generate the RSA modulus(n) 60
6.2.3 Find Derived Number(e) 60
6.2.4 Form the public key 61
6.2.5 Generate the private key 61
6.2.6 RSA Encryption 61
6.2.7 RSA Decryption 61
6.3 DIGITAL SIGNATURE 62
6.3.1 Model of Digital Signature 62
6.3.2 Encryption with Digital Signature 63
6.3.3 Importance of Digital Signature 64
6.4 PUBLIC KEY DISTRIBUTION 65
6.4.1 Public Announcement of Public Keys 65
6.4.2 Publicly Available Directory 65
6.4.3 Public-Key Authority 66
6.4.4 Public Key Certificates 66
xii Computer System Security
CHAPTER 7
INTERNET INFRASTRUCTURE 75–84
7.1 BASIC SECURITY PROBLEMS 75
7.1.1 Code Injection 75
7.1.2 Data Breach 76
7.1.3 Malware Infection 76
7.1.4 Distributed Denial Service of attack 76
7.2 ROUTING SECURITY 76
7.3 WEAKNESS OF INTERNET SECURITY 80
7.3.1 Common Security Problems 80
7.3.2 Means of protection 81
7.4 FIREWALLS 82
7.4.1 Types of Firewalls 82
7.4.2 How Firewalls work? 83
Exercise 84
Appendix 85
Model Question Paper 89
Glossary 91
References 93
1
Computer System Security
Learning Objective
• Computer Security • Common computer system vulnerabilities
• CIA Triangle • Causes and harm of vulnerabilities
• OSI Security Architecture • A network security model
• Security Attacks-Categories • Case Study: Hacking Digital India
• Active and Passive Attacks
We live in a digital era which understands that our private information is more
vulnerable than ever before. We all live in a world which is networked together, from
internet banking to government infrastructure, where data is stored on computers
and other devices. A portion of that data can be sensitive information, whether that is
intellectual property, financial data, personal information, or other types of data for
which unauthorized access or exposure could have negative consequences.
1.1 INTRODUCTION
Until the time, media publicized the data security; computer security was confined
to the physical security. Traditionally, computer facilities have been protected for
the following reasons:
i. To avoid theft or damage of the hardware.
ii. To avoid disruption of service.
iii. To avoid theft of the information.
Computer data often travels from one computer to another, leaving the safety of its
protected physical surroundings. Once the data is out of hand, people with bad
intention could modify or forge your data, either for amusement or for their own
benefit. Computer security basically is the protection of computer systems and
information from harm, theft, and unauthorized use. It is the process of preventing
and detecting unauthorized use of your computer system. It is the protection offered
to an automated information system in order to attain the applicable objectives.
computer security is the protection of computing
systems and the data that they store or access.
2 Computer System Security
Int
ial
nt
eg
ide
rit
y
nf
Information
Co
Security
Availability
1.2.2 Threat
A computer system threat is anything that leads to loss or corruption of data or
physical damage to the hardware and/or infrastructure. It has a potential for violation
of security, which exists when there is a circumstance, capability, action, or event
Computer System Security 3
that could breach security and cause harm. That is, a threat is a possible danger
that might exploit vulnerability. They can put individuals’ computer systems and
business computers at risk, so vulnerabilities have to be fixed so that attackers
cannot infiltrate the system and cause damage.
Threats can include everything from viruses, trojans, back doors to outright attacks
from hackers. Often, the term blended threat is more accurate, as the majority of
threats involve multiple exploits. For example, a hacker might use a phishing attack
to gain information about a network and break into a network.
1.2.3 Attack
An assault on system security that derives from an intelligent threat; that is, an
intelligent act that is a deliberate attempt (especially in the sense of a method or
technique) to evade security services and violate the security policy of a system.
BOB
BOB reads the
content of
message which
Lily sends to John
BOB
BOB observes the
pattern
of messages
exchanged
between
LILY and JOHN
Passive attacks are very difficult to detect because they do not involve any alteration
of data. However, it is feasible to prevent the success of these attacks.
BOB
BOB pretends
to be LILY
BOB
Captures the
message and
resend it to
(can send
multiple times)
BOB
Modifies the
message
and on send
to john
BOB
overload the server
by giving
false request
Instead, the goal is to detect them and to recover from any disruption or delays
caused by them.
Sender Recipient
Information
Security-related channel Security-related
transformation transformation
Message
Message
Message
Message
Secure
Secure
Secret Secret
information information
Opponent
Computing resources
Opponent (processor, memory, I/O)
- human (e.g., cracker) Data
- software (e.g., virus, worm)
Processes
Access Channel Gatekeeper Software
function
Internal security controls
that each one of us gets vulnerable the moment we get connected to the Internet, if
you are connected 24×7, and then you are vulnerable to it the whole day. Today in
our world absolute security is virtually non-existent. What was secure yesterday is
not secure today and what is secure today will definitely not be secure tomorrow.
With every minute passing by our lives we are constantly adding up data on the
internet, there is absolutely no denying that each one of us is connected with Internet
but today we are a part of it as well. Back in 2015 India had just 15 million smart
phones, but today we are one of the biggest smart phone markets having over 250
million devices in the country. Realizing the dreams of IOT ( Internet of things) is
just making the machines smarter day by day as we are giving away all our personal
and professional information to the machines for our own convenience.
The hackers create a Trojan file, an android apk file. The file is available on the
internet. One, who downloads this file, his phone is hacked. These files are usually
attached with some games like Candy Crush, Mini Militia and Clash of Clans. The
user is not aware that the file may contain a backdoor that can harm their data.
Once the user of the android downloads the file, the hacker gets the OS version
with access to everything on the device.
It not only makes use of Trojan Horse but also phishing and ransomware. Phishing
is a method of trying to gather personal information using deceptive e-mails and
websites. The goal is to trick the email recipient into believing that the message is
something they want or need — a request from their bank, for instance, or a note
from someone in their company — and to click a link or download an attachment.
Ransomware is a form of malware that encrypts a victim’s files. The attacker then
demands a ransom from the victim to restore access to the data upon payment.
Exercise
1. Explain the importance of computer security.
2. What is a CIA triad? Explain.
3. “What was secure yesterday is not secure today and what is secure today will
definitely not be secure tomorrow.” Justify the statement.
4. Differentiate between active and passive attacks.
5. Explain the various harms of computer system vulnerability.
6. Are threats and attacks same? Justify.
7. Explain how we can avoid passive attacks?
8. What are the various features of computers that are harmed by the computer
vulnerabilities?
9. Does authentication and authorization mean the same? If no, justify.
12 Computer System Security
When a program executes, it has a trajectory, the program runs from one instruction to
another. When a programmer writes a program, he has a control flow in mind and thus
the attacker tries to change the flow of control towards something that was not intended.
Most of the cases, this is done to take over the system or inject malicious code.
introduce extra code, sending new instructions to the application to gain access to
IT systems. If attackers know the memory layout of a program, they can intentionally
feed input that the buffer cannot store, and overwrite areas that hold executable
code, replacing it with their own code. For example, an attacker can overwrite a
pointer (an object that points to another area in memory) and point it to an exploit
payload, to gain control over the program.
For example, there is a code:
#include<stdlib.h>
#include<unistd.h>
#include<stdio.h>
int main(int args,char **argv){
volatile int modified;//when you declare some variable as volatile
char buffer[64];
modified=0;
gets(buffer);
if(modified!=0){
printf(“’modified’ variable changed”);
}
else{
printf(“\nTry again”);
}
}
If on execution, value of modified is changed then there is a buffer overflow that
has changed the value of modified.
C and C++ are two languages that are highly susceptible to buffer overflow attacks,
as they don’t have built-in safeguards against overwriting or accessing data in
their memory. Mac OSX, Windows, and Linux all use code written in C and C++.
Languages such as PERL, Java, JavaScript, and C# use built-in safety mechanisms
that minimize the likelihood of buffer overflow.
Types of Buffer Overflow Attacks
• Stack-based buffer overflows are more common, and leverage stack memory
that only exists during the execution time of a function.
• Heap-based attacks are harder to carry out and involve flooding the memory
space allocated for a program beyond memory used for current runtime operations.
• Click the Data Execution Prevention tab, and then click Turn on DEP for
all programs and services except those selected. (Fig. 2.2).
• To turn off DEP for an individual program, select the check box next to the
program that you want to turn off DEP for, and then click OK.
• If the program is not in the list, click Add. Browse to the Program Files folder,
find the executable file for the program (it will have an .exe file name
extension), and then click Open.
• Click OK, in the System Properties dialog box if it appears, and then click OK
again. You might need to restart your computer for the changes to take effect.
return the canary value is checked and if the value has changed the program is
terminated. Thus reducing code execution to a mere denial of service attack. The
performance cost of inserting and checking the canary is very small for the benefit
it brings, and can be reduced further if the compiler detects that no local buffer
variables are used by the function so the canary can be safely omitted.
Compilers implement this feature by selecting appropriate functions, storing the
stack canary during the function prologue, checking the value in the epilogue, and
invoking a failure handler if it was changed. For example consider the following
code:
void function1 (const char* str){
char buffer[16];
strcpy(buffer, str);
}
StackGuard automatically converts this code to:
2.2.2.1 Canaries
There are two types of canaries which are supported by StackGuard:
Terminator canaries
Most buffer overflow attacks are based on certain string operations which end at
string terminators. A terminator canary contains NULL(0x00), CR (0x0d), LF
(0x0a), and EOF (0xff), four characters that should terminate most string operations,
rendering the overflow attempt harmless. This prevents attacks using strcpy() and
other methods that return upon copying a null character while the undesirable
result is that the canary is known.
This type of protection can be bypassed by an attacker overwriting the canary with
its known values and the return address with specially-crafted value resulting in a
code execution. This can be when non-string functions are used to copy buffers
and both the buffer contents and the length of the buffer are attacker controlled.
Random canaries
A random canary is chosen at random at the time the program executes. With this
method, the attacker could not learn the canary value prior to the program start by
Hijacking and Defense 19
searching the executable image. The random value is taken from /dev/urandom if
available, and created by hashing the time of day if /dev/urandom is not supported.
This randomness is sufficient to prevent most prediction attempts. If there is an
information leak flaw in the application, which can be used to read the canary
value, this kind of protection could be bypassed.
Though StackGuard may be effective in preventing stack-buffer overflow attacks
it has certain limitations as well:
• An information disclosure flaw in a different part of the program could disclose
the global __stack_chk_guard value. This would allow an attacker to write
the correct canary value and overwrite the function return address.
• Not all buffer overflows are on stack. StackGuard cannot prevent heap-based
buffer overflows.
• While StackGuard effectively prevents most stack buffer overflows, some
out-of-bounds write bugs can allow the attacker to write to the stack frame
after the canary, without overwriting the canary value itself.
• If a function has multiple local data structures and pointers to functions, these
are allocated on the stack as well, before the canary value. If there is a buffer
overflow in any one of these structures, the attacker can use this to overwrite
adjacent buffers/pointers which could result in arbitrary code execution. This
really depends on the arrangement of data on the stack.
• On some architectures, multi-threaded programs store the reference canary
__stack_chk_guard in Thread Local Storage, which is located a few kb after
the end of the thread’s stack. In these circumstances, a sufficiently large
overflow can overwrite both canary and __stack_chk_guard to the same value,
causing the detection to incorrectly fail.
Exercise
1. What is Control Hijacking?
2. List out the different control attacks.
3. What are the intentions of the attacker while hijacking a system?
4. What are the different types of Buffer Overflow attacks?
5. Explain stack and heap based attacks.
6. Explain the various string vulnerabilities.
7. List out the various ways to defend against control hijacking.
8. How does fixing the bugs helps in defending against control hijacking?
9. Explain Data Execution Prevention.
20 Computer System Security
10. How Stack Guard does helps in Runtime defense against control hijacking?
OR
Explain the use of Stack Guard in defense against control hijacking.
11. What are canaries?
12. Briefly explain the different types of canaries supported by Stack Guard.
13. State the disadvantages of Stack Guard.
14. When is a random canary chosen?
15. Why do C and C++ tend to be more vulnerable towards control hijacking?
a
3
Confidentiality Policies
Learning Objective
• Discretionary Access Control • System Call Interposition
• Mandatory Access Control • Virtual Machine Based Isolation
• Confinement Principle • Software Based Fault Isolation
• UNIX-User IDs, Access, Privileges • Rootkits
may resolve to any number of principals but any principal is expected to resolve to a
single user (assuming people observe the requirement not to share IDs).
account encrypted uid group id “In real life” where files what shell
name password start program starts
on login
24 Computer System Security
Every process inherits its uid based on which user starts the process. Every process
also has an effective uid, also a number, which may be different from the uid.
Finally, each UNIX process is a member of some groups. In the original UNIX
every user was a member of one group. Currently, users can be members of more
than one group. Group information can be taken from /etc/passwd or from a file /
etc/groups. System administrators control the latter file. An entry in /etc/groups
may look like:
Staff : “ : 17 : fbs, Idzhou, ulfar
files or fill up other disks (a denial of service attack). The protections on the mail
spool directory itself should allow create and write access only to the mail server
and read and delete access only to the local server. No other user should have
access to the directory.
In practice, most systems will allow an administrator access to the mail spool directory.
By the principle of least privilege, that administrator should be able to access only
the subjects and objects involved in mail queuing and delivery. As we have seen, this
constraint minimizes the threats if that administrator’s account is compromised. The
mail system can be damaged or destroyed, but nothing else can be.
directory, because it does not need to access that file again. The server should not
be able to access any user’s files, or any files other than its own configuration files.
Application
janus
process process
Policy Engine
process
open (“foo”)
Allow Deny
open (“foo”)
result
User Space
Kernel Space
open (“foo”)
System Call Entry mod_janus
result
result
Allow
Kernel Proper
open (“foo”)
3.3.2 ptrace
The ptrace() system call provides a means by which a parent process may observe
and control the execution of another process, and examine and change its core
image and registers. It is primarily used to implement breakpoint debugging and
system call tracing. The ptrace() system call shall enable a process to observe and
control the execution of another process, as well as examine and change certain
attributes of that process.This function operates via requests, which act on the
traced process using the other parameters in ways unique to each request type.
The tracing process must initiate tracing, either via the PTRACE_TRACEME or
PTRACE_ATTACH requests, before other requests may be performed. Except for
PTRACE_TRACEME and PTRACE_KILL, all requests must be performed on a
traced process that has been stopped. All signals, except one, delivered to the traced
process cause it to stop, irrespective of its registered signal handling, and cause an
event to be delivered to the tracing process which can be detected using the wait(2)
system call. The exception is the SIGKILL signal, which is delivered immediately
and performs its usual specified behavior.
3.3.3 systrace
Systrace is a computer security utility which limits an application’s access to the
system by enforcing access policies for system calls. This can mitigate the effects
of buffer overflows and other security vulnerabilities. It was developed by
NielsProvos and runs on various Unix-like operating systems.
Systrace is particularly useful when running untrusted or binary-only applications
and provides facilities for privilege elevation on a system call basis, helping to
eliminate the need for potentially dangerous setuid programs. It also includes
interactive and automatic policy generation features, to assist in the creation of a
base policy for an application.
Systrace supports the following features:
• Confines untrusted binary applications: An application is allowed to make
only those system calls specified as permitted in the policy. If the application
attempts to execute a system call that is not explicitly permitted, an alarm gets
raised.
• Interactive policy generation with graphical user interface: Policies can
be generated interactively via a graphical frontend to Systrace. The frontend
shows system calls and their parameters not currently covered by policy and
allow the user to refine the policy until it works as expected.
• Supports different emulations: GNU/Linux, BSDI, etc..
30 Computer System Security
3.6 ROOTKITS
Rootkits are a kind of malware that are designed in a way that they can remain
hidden in the computer. The user might not observe them, but they are active.
Rootkits helps the cyber criminals or the attackers to remotely control your system.
They contain a number of tools, ranging from programs that helps the hackers to
steal your password to modules that makes it easy for them to steal your bank
related information. Rootkits even help the attackers by disabling the security
software and trace the keys you type on the keyboard.
Rootkits are really difficult to detect and thus making the malware reside on your
system for a long time and causing the harm. Sometimes, the only solution left is to
erase the operating system from your computer and reinstall it. Now, the question
is how do we get rootkits on the computer system? Consider, opening an email or
downloading a file that looks perfect but actually has virus. Rootkits may be
downloaded even from the mobile app.
32 Computer System Security
Exercise
1. Why is confidentiality important in computer security?
2. Differentiate between DAC and MAC.
3. State the confinement principle.
4. What are honeypots?
34 Computer System Security
they own, as well as the programs associated with those objects. The drawback to
Discretionary Access Control is the fact that it gives the end user complete control
to set security level settings for other users and the permissions given to the end
user are inherited into other programs they use which could potentially lead to
malware being executed without the end user being aware of it. A common criticism
of DAC systems is a lack of centralized control.
a remote server. This server can be on-premises, but not connected to the companies’
regular IT infrastructure, or it can be delivered as a cloud based service. This allows
the user to continue to surf the web as they normally would, but because the remote
browser has been isolated away from the physical desktop and network, they are
no longer at risk from web based threats.
There are multiple technologies that deliver browser isolation. The most common
way of delivering Browser Isolation is Server-Side Browser Isolation. Server Side
Browser Isolation delivers literal isolation of browsing activity, by physically
isolating malware and cyber- attacks away from your networks and user machines.
Server-Side models deliver a remote browser to their users, which are hosted on a
physically isolated server built to handle cyber risks. This means that end users can
continue to use the web without disruption, able to view dynamic web pages as
they normally would, and use controls such as copy, paste and print. They normally
do not require any endpoint clients or software to be installed.
4.3.2 Advantages
4.3.2.1 Reduces Web Based Threats
Isolation stops the delivery of active code to the user’s local browser and device.
This means it blocks web-based infections such as ransom ware and advertising
from reaching user devices and business networks. The majority of threats facing
organizations come from the internet, and so by isolating browsing activity,
organizations greatly reduce the risks of attacks.
account encrypted uid group id “in real life” where files what shell
name password start program starts
on login
Every process inherits its uid based on which user starts the process. Every process
also has an effective uid, also a number, which may be different from the uid.
Finally, each UNIX process is a member of some groups. In the original UNIX
every user was a member of one group. Currently, users can be members of more
40 Computer System Security
than one group. Group information can be gotten from /etc/passwd or from a file /
etc/groups. System administrators control the latter file. An entry in /etc/groups
may look like:
staff : * : 17 : fbs, ldzhou, ulfar
Exercise
1. State the importance of access control.
2. Why authentication and authorization is important?
OR
State and explain the difference between authentication and authorization.
3. What are the various ways to provide access control?
4. Write short note on:
i. DAC
ii. MAC
iii. RBAC
5. Why appropriate role based access is important?
6. What are the various challenges faced while implementing access control?
7. What is browser isolation?
8. State the advantages of browser isolation.
9. Explain the working of Browser isolation.
10. Briefly explain the access mechanism in UNIX and WINDOWS.
d
5
Web Security Landscape
Learning Objective
• HTTP-features, architecture • Cross Site Scripting (XSS)
• Cookies • Defense against XSS
• Web Sever Threats • Finding vulnerabilities
• Cross Site Request Forgery • Secure development
You’ve launched your website and done all you can to ensure its success, but you
may have overlooked a critical component: website security. Cyberattacks cause
costly clean-up, damage your reputation, and discourage visitors from coming back.
Fortunately, you can prevent it all with effective website security.
5.1 OVERVIEW
Web security is also known as “Cybersecurity”. Website security can be a complex
(or even confusing) topic in an ever-evolving landscape. Website security is the
measures taken to secure a website from cyberattacks. In this sense, website security
is an ongoing process and an essential part of managing a website.It basically
means protecting a website or web application by detecting, preventing and
responding to cyber threats.
Websites and web applications are just as prone to security breaches as physical
homes, stores, and government locations. Unfortunately, cybercrime happens every
day, and great web security measures are needed to protect websites and web
applications from becoming compromised.
That’s exactly what web security does – it is a system of protection measures and
protocols that can protect your website or web application from being hacked or
entered by unauthorized personnel. This integral division of Information Security is
vital to the protection of websites, web applications, and web services. Anything that
is applied over the Internet should have some form of web security to protect it.
Website security protects your website from:
• DDoS attacks. These attacks can slow or crash your site entirely, making it
inaccessible to visitors.
44 Computer System Security
5.2 HTTP
HTTP means HyperText Transfer Protocol. HTTP is the underlying protocol used
by the World Wide Web and this protocol defines how messages are formatted and
transmitted, and what actions Web servers and browsers should take in response to
various commands.
For example, when you enter a URL in your browser, this actually sends an HTTP
command to the Web server directing it to fetch and transmit the requested Web
page. The other main standard that controls how the World Wide Web works is
HTML, which covers how Web pages are formatted and displayed.
disconnect the connection. So client and server knows about each other during
current request and response only. Further requests are made on new connection
like client and server are new to each other.
• HTTP is media independent: It means, any type of data can be sent by HTTP
as long as both the client and the server know how to handle the data content.
It is required for the client as well as the server to specify the content type
using appropriate MIME-type.
• HTTP is stateless: As mentioned above, HTTP is connectionless and it is a
direct result of HTTP being a stateless protocol. The server and client are
aware of each other only during a current request. Afterwards, both of them
forget about each other. Due to this nature of the protocol, neither the client
nor the browser can retain information between different requests across the
web pages.
5.2.2 Architecture
The HTTP is meant for request/response depending on a client-server architecture
where the user requests information through a web browser to the web server,
which then responds to the requested data. (As shown in Fig. 5.1)
Web Client: The client of this client-server architecture asks for a request to a
specific server through the HTTP (TCP/IP connection) as a request method in the
form of a URL. It also contains a MIME-like message that contains request modifier
and client information.
Web Server: This accepts the request and process with a response by a status line,
together with the version of the message’s protocol as well as the success or error
code, followed by a MIME-like message having server information, some metadata,
and possible the entity-body content holding the requested information.
HTTP Request
HTTP Response
Client Server
5.3 COOKIES
A computer “cookie” is more formally known as an HTTP cookie, a web cookie,
an Internet cookie or a browser cookie. The name is a shorter version of “magic
cookie,” which is a term for a packet of data that a computer receives and then
46 Computer System Security
• Disable the storage of cookies in your internet browser. This reduces the amount
of information being shared and can be adjusted in your browser’s privacy
settings.
• Browser add-ons are available that block third-party software such as cookie
trackers and ensure that your browsing habits remain private.
• Always make sure you have anti-malware software installed on your PC as
malware can often disguise itself as harmless cookies or infiltrate advertising
networks.
• If a website asks you to accept cookies and you’re unsure of its legitimacy
then leave the website immediately.
Custom Flaws
Business Logic
Web Applicatio ilities
ns Technical Vulerab
Third-Party
Commercial
Web Applicatio Open Source /
ns
Database L / Db2
Oracle / MySQ
Applications Commercial
Open Source /
Operating Syst ux / OS X
em Windows / Lin
Network alls
Routers / Firew
A successful CSRF attack can be devastating for both the business and user. It can
result in damaged client relationships, unauthorized fund transfers, changed
passwords and data theft—including stolen session cookies.CSRFs are typically
conducted using malicious social engineering, such as an email or link that tricks
the victim into sending a forged request to a server. As the unsuspecting user is
authenticated by their application at the time of the attack, it’s impossible to
distinguish a legitimate request from a forged one.
The process of CSRF is shown in Fig. 5.3
2 3
Perpetrator embeds the A visitor clicks on the
request into a hyperlink and Website Visitor link, inadvertently
sends it to visitors who may sending the request to
be logged into the site the website
Website
Perpetrator
user of the website, making them more difficult to catch and even harder to fix. Also
unlike SQL injection, which can be eliminated with the proper use of prepared statements,
there’s no single standard or strategy to preventing cross-site scripting attacks.
There are two main types of cross-site scripting attacks: Stored (or persistent) XSS,
which is when malicious script is injected directly into the vulnerable application,
and reflected XSS, which involves ‘reflecting’ malicious script into a link on a
page, which will activate the attack once the link has been clicked.
Three ways to protect against XSS attack:
5.7.1 Escaping
The first method you can and should use to prevent XSS vulnerabilities from
appearing in your applications is by escaping user input. Escaping data means
taking the data an application has received and ensuring it’s secure before rendering
it for the end user. By escaping user input, key characters in the data received by a
web page will be prevented from being interpreted in any malicious way. In essence,
you’re censoring the data your web page receives in a way that will disallow the
characters – especially < and > characters – from being rendered, which otherwise
could cause harm to the application and/or users.
If your page doesn’t allow users to add their own code to the page, a good rule of
thumb is to then escape any and all HTML, URL, and JavaScript entities. However,
if your web page does allow users to add rich text, such as on forums or post
comments, you have a few choices. You’ll either need to carefully choose which
HTML entities you will escape and which you won’t, or by using a replacement
format for raw HTML such as Markdown, which will in turn allow you to continue
escaping all HTML.
5.7.3 Sanitizing
A third way to prevent cross-site scripting attacks is to sanitize user input. Sanitizing
data is a strong defense, but should not be used alone to battle XSS attacks. It’s
totally possible you’ll find the need to use all three methods of prevention in working
towards a more secure application. Sanitizing user input is especially helpful on
sites that allow HTML markup, to ensure data received can do no harm to users as
well as your database by scrubbing the data clean of potentially harmful markup,
changing unacceptable user input to an acceptable format.
Exercise
1. How does web security protects your web site?
2. What is SEO spam?
3. State and explain the features of HTTP.
4. Explain HTTP request and HTTP response.
5. What are cookies?
6. How do you protect your system from the effect of cookies?
7. Briefly explain the web server threats.
8. Explain the working of CSRF.
9. What are the various Cross site scripting attacks?
10. How do you protect your system against XSS?
11. Why is important to have security as an important part of the SDLC?
OR
“SDLC should have security as an important part”. Justify.
12. State and explain the common security vulnerabilities.
a
6
Basic Cryptography
Learning Objective
• Cryptography • E-Mail Security Certificates
• Public Key Encryption-RSA • Transport Layer Security
• Digital Signature • IP Security
• Public Key Distribution • DNS Security
The process of changing the cipher text to the plaintext that process is known as
decryption.
Asymmetric is a form of Cryptosystem in which encryption and decryption are
performed using different keys-Public key (known to everyone) and Private Key
(Secret key). This is known as Public Key Encryption.
Characteristics of Public Key Encryption:
• Public key Encryption is important because it is infeasible to determine the
decryption key given only the knowledge of the cryptographic algorithm and
encryption key.
• Either of the two key (Public and Private key) can be used for encryption with
other key used for decryption.
• Due to Public key cryptosystem, public keys can be freely shared, allowing
users an easy and convenient method for encrypting content and verifying
digital signatures, and private keys can be kept secret, and ensuring only the
owners of the private keys can decrypt content and create digital signatures.
• The most widely used public-key cryptosystem is RSA (Rivest–Shamir–
Adleman). The difficulty of finding the prime factors of a composite number
is the backbone of RSA.
To make the working of Public Key Encryption clearer, follow Fig. 6.1.
Public Key Private Key
(A,B,C,D) (c)
6.1.3 Applications:
• Confidentiality can be achieved using Public Key Encryption. In this the Plain
text is encrypted using receiver public key. This will ensures that no one other
than receiver private key can decrypt the cipher text.
• Digital signature is for sender’s authentication purpose. In this sender encrypt
the plain text using his own private key. This step will make sure the
authentication of the sender because receiver can decrypt the cipher text using
sender’s pubic key only.
• This algorithm can be used in both Key-management and securely transmission of
data.
has been encrypted with the public key, it can only be decrypted by another key,
known as the private key. Each RSA user has a key pair consisting of their public
and private keys. As the name suggests, the private key must be kept secret.
Public key encryption schemes differ from symmetric-key encryption, where both
the encryption and decryption process use the same private key. These differences
make public key encryption like RSA useful for communicating in situations where
there has been no opportunity to safely distribute keys beforehand.
RSA encryption is often used in combination with other encryption schemes, or
for digital signatures which can prove the authenticity and integrity of a message.
It isn’t generally used to encrypt entire messages or files, because it is less efficient
and more resource-heavy than symmetric-key encryption.
To make things more efficient, a file will generally be encrypted with a symmetric-
key algorithm, and then the symmetric key will be encrypted with RSA encryption.
Under this process, only an entity that has access to the RSA private key will be able
to decrypt the symmetric key. Without being able to access the symmetric key, the
original file can’t be decrypted. This method can be used to keep messages and files
secure, without taking too long or consuming too many computational resources.
RSA encryption can be used in a number of different systems. It can be implemented
in OpenSSL, wolfCrypt, cryptlib and a number of other cryptographic libraries. As
one of the first widely used public-key encryption schemes, RSA laid the foundations
for much of our secure communications. It was traditionally used in TLS and was
also the original algorithm used in PGP encryption. RSA is still seen in a range of
web browsers, email, VPNs, chat and other communication channels. RSA is also
often used to make secure connections between VPN clients and VPN servers.
Under protocols like OpenVPN, TLS handshakes can use the RSA algorithm to
exchange keys and establish a secure channel.
• There must be no common factor for e and (p – 1)(q – 1) except for 1. In other
words two numbers e and (p – 1)(q – 1) are coprime.
be the plaintext P.
Plaintext = Cd mod n
• Returning again to our numerical example, the ciphertext C = 82 would get
decrypted to number 10 using private key 29:-
Plaintext = 8229 mod 91 = 10
Signer’s Hashing
Private Function
Data
Key Equal?
Data
Hash Signer’s
Private
Key
Sener’s Side
Encrypted Data
Data Encryption using +
Receiver’s Public Key Digital Signature
Hashing
Function
given data. Thus the receiver can present data and the digital signature to a
third party as evidence if any dispute arises in the future.
Public-key
directory
Pua Pub
A B
public key can obtain the certificate and verify that it is valid by way of the attached
trusted signature. A participant can also convey its key information to another by
transmitting its certificate. Other participants can verify that the certificate was
created by the authority.
6.5.2 Advantages
• Email Security Helps to Protect Your Business and Build Customer Trust
• Email Security Helps to Prevent Noncompliance
68 Computer System Security
6.7 IP SECURITY
Internet Protocol Security (IPSec) is a framework of open standards for ensuring
private, secure communications over Internet Protocol (IP) networks, through the
use of cryptographic security services. IPSec is a suite of cryptography-based
protection services and security protocols. Because it requires no changes to
programs or protocols, you can easily deploy IPSec for existing networks.
The driving force for the acceptance and deployment of secure IP is the need for
business and government users to connect their private WAN/ LAN infrastructure
to the Internet for providing access to Internet services and use of the Internet as a
component of the WAN transport system. As we all know, users need to isolate
their networks and at the same time send and receive traffic over the Internet. The
authentication and privacy mechanisms of secure IP provide the basis for a security
strategy for us.
70 Computer System Security
IPsec protects one or more paths between a pair of hosts, a pair of security gateways,
or a security gateway and a host. A security gateway is an intermediate device,
such as a switch or firewall, that implements IPsec. Devices that use IPsec to protect
a path between them are called peers.
IPsec requires a PCI Accelerator Card (PAC) to provide hardware data compression
and encryption. A PAC is a hardware processing unit the switch’s CPU controls.
IPsec provides the following security services for traffic at the IP layer:
• Data origin authentication—identifying who sent the data.
• Confidentiality (encryption)—ensuring that the data has not been read en route.
• Connectionless integrity—ensuring the data has not been changed en route.
• Replay protection—detecting packets received more than once to help protect
against denial of service attacks.
as SHA and MD5. The algorithm’s IP sec users produces a unique identifier
for each packet. This identifier then allows a device to determine whether a
packet has been correct or not. Packets which are not authorized are discarded
and not given to receiver.
Original Packet
IP HDR TCP DATA
Encryption
Authentication
6.7.3 Advantages
When IPSec is implemented in a firewall or router, it provides strong security
whose application is to all traffic crossing this perimeter. Traffic within a company
72 Computer System Security
to a “pirate” server, unbeknownst to the users. This may cause in the corruption/
theft of a user’s personal data.
• Fast flux
An attacker will typically spoof his IP address while performing an attack.
Fast flux is a technique to constantly change location-based data in order to
hide where exactly the attack is coming from. This will mask the attacker’s
real location, giving him the time needed to exploit the attack. Flux can be
single or double or of any other variant. A single flux changes address of the
web server while double flux changes both the address of web server and
names of DNS serves.
• Reflected attacks
Attackers will send thousands of queries while spoofing their own IP address
and using the victim’s source address. When these queries are answered, they
will all be redirected to the victim himself.
• Reflective amplification DoS
When the size of the answer is considerably larger than the query itself, a flux
is triggered, causing an amplification effect. This generally uses the same
method as a reflected attack, but this attack will overwhelm the user’s system’s
infrastructure further.
Exercise
1. Differentiate between public key and private key.
2. Explain the process of Public-Key encryption.
74 Computer System Security
One of the greatest things about the Internet is that nobody really owns it. It is a global
collection of networks, both big and small. These networks connect together in many
different ways to form the single entity that we know as the Internet. In fact, the very
name comes from this idea of interconnected networks. The heart of the Internet exists
between this telecommunications component and the content that users send to each
other across those wires. That is what we call the Internet’s ‘infrastructure’.
Internet infrastructure is the physical hardware, transmission media, and software
used to interconnect computers and users on the Internet. Internet infrastructure is
responsible for hosting, storing, processing, and serving the information that makes
up websites, applications, and content.
input. Applications can guard against vulnerable code by keeping data separate
from commands and queries, such as by using a safe API with parameterized queries.
closest to its origin are best positioned to address the threat (e.g. adjacent
networks can refuse to accept false announcements). When a network is
impacted further from the source of a routing incident, it can only attempt to
mitigate the impact. It must rely on other networks closer to the source of the
routing incident to fully address the problem.
• Economic externalities. Any network can be the source of an incident and
the insecurity of one network can impact all other networks. However, even if
a routing incident originates from one’s own network, the impact is most likely
to be felt on another network. Network operators are less likely to spend
resources on better routing security since the benefits will mostly go to other
networks, not their own.
• Routing security is not a market differentiator. Good routing security is
currently not an effective marketing tool for network operators. It is difficult
for network operators to communicate their level of routing security to their
customers. Users have limited understanding of the global routing system and
how their network’s routing security practices will impact them.
To improve routing security, we should:
i. Lead by Example. All stakeholders, including governments, should
improve infrastructure reliability and security by adopting best practices
in their own networks.
• All networks providing internet connectivity, including enterprise or
government networks, should use filtering, alongside IP source
validation, to help prevent and mitigate the impact of incidents.
• In addition, influential market players, such as large enterprises or
governments, should, where feasible, require compliance with routing
security baselines, such as the one documented by MANRS, for
procurement contracts with Internet service providers. MANRS, through
its MANRS Observatory, will provide measurements that can serve as a
valuable 3rd party assessment of a network operator’s security practices.
These assessments can help inform procurement decisions.
ii. Facilitate/encourage the adoption of common practices for routing
security. Industry associations, in close collaboration with governments
and other stakeholders, should promote common baseline for routing
security.
• Common baseline for network operators provide an industry standard
for routing security and promote greater information sharing among
network operators. They also provide a method for network operators
to signal their level of security to prospective customers.
Internet Infrastructure 79
• The private sector, governments, civil society, academia and others can
support the development or strengthen existing computer security
incident response teams (CSIRTs). CSIRTs provide an important role in
information sharing and coordination in response to routing incidents
and threats.
vi. Identify and address legal barriers to information sharing, the
implementation of routing security technologies and research on
routing incidents and threats. Legal barriers can impede security
researchers and disincentivize network operators from deploying routing
security solutions and sharing information with one another.
• Identifying and eliminating legal and regulatory barriers can improve
information sharing and responses to routing incidents. Stakeholders,
particularly security researchers, may worry that disclosing routing
security incidents or threats could place them in legal jeopardy. Legal
barriers can also impede the development and deployment of routing
security technologies. In developing solutions to identified barriers,
stakeholders must pay close attention to their potential impact on the
privacy of individuals.
systems: they either find a way to enter the system and then change or steal
information from the inside, or they attempt to over-whelm the system with
information from the outside so that it shuts down. One way a hacker might enter
a small business’s computer network is through an open port, or an Internet
connection that remains open even when it is not being used. They might also
attempt to appropriate passwords belonging to employees or other authorized users
of a computer system. Many hackers are skilled at guessing common passwords,
while others run programs that locate or capture password information.
Another common method of attack used by hackers is e-mail spoofing. This method
involves sending authorized users of a computer network fraudulent e-mail that
appears as if it were sent by someone else, most likely a customer or someone else
the user would know. Then the hacker tries to trick the user into divulging his or
her password or other company secrets. Finally, some hackers manage to shut down
business computer systems with denial of service attacks. These attacks involve
bombarding a company’s Internet site with thousands of messages so that no
legitimate messages can get in or out.
and hold users accountable for their use of the system. Digital signatures can be
used to authenticate e-mails and other outside documents. This technology provides
proof of the origin of documents and helps prevent e-mail spoofing.
7.4 FIREWALLS
A firewall is a system designed to prevent unauthorized access to or from a private
network. You can implement a firewall in either hardware or software form, or a
combination of both. Firewalls prevent unauthorized internet users from accessing
private networks connected to the internet, especially intranets. All messages
entering or leaving the intranet (the local network to which you are connected) or
WAN must pass through the firewall (Fig. 7.1), which examines each message and
blocks those that do not meet the specified security criteria.
Firewall
LAN WAN
Exercise
1. Why is cyber security important?
2. What are the various problems faced in cyber security world?
3. State the importance of rioting security.
4. What are the basic steps to improve the routing security?
5. State the problems or the weakness of Internet Security.
6. How can we protect our transactions in the world of cybercrime?
7. Why are Firewalls implemented?
8. Give examples of few Firewalls.
9. Explain the working of firewalls.
10. What are the different types of firewalls?
A
APPENDIX
SECURITY IN CLOUD COMPUTING ENVIRONMENT
Cloud-based IT services have been gaining popularity as they do not require big
investments. The new business model of on-demand services brought in by cloud
where customers can choose what they want, how much they want and pay only
for those services. This has been made possible by the shared use of resources —
such as storage, servers and applications and services—leading to potential cost
saving. Even though the cloud technology is not mature, there is an increased
confidence in its adoption by businesses. Though cloud computing just like any
other technological development was aimed at mass convenience and adoption,
there are those who see these advances as platforms for fraud and abuse. Some of
the security challenges in the cloud environment are traditional computing
challenges and some are unique to cloud computing. In addition to the traditional
computing security concerns such as hardware and software malfunction, the
complex cloud model, the way of service delivery and access to shared resources
pose a great deal of threats. Each layer in the cloud model can be a potential point
of attack. Major cloud service providers (CSPs) have data centres around the world,
replicated in multiple locations to maintain service continuity in case of a failure.
On one hand, global dispersion provides operational efficiency; on the other hand,
it raises jurisdiction issue for LEAs in case of an investigation, since each country
has unique laws on data usage and privacy.
hence, it is difficult to collect evidence. Since the data are not stored locally but are
on cloud, direct evidence is not available for the investigators. For evidence, the
investigator is dependent on the CSP who may be out of investigators’ jurisdiction.
Acquiring servers in the cloud environment will affect services to multiple
customers, which may raise a liability issue for the service provider. In the case of
an incident at the CSP end, the CSP will be more interested in restoring the service
than preserving the evidence. The CSP may not report the incident for the sake of
reputation or may start its own investigation without proper measures to preserve
evidence.
percent of all data breaches. Insider threats can be malicious – such as members
of staff going rogue – but they can also be due to negligence or simple human
error. It is important, then, to provide your staff with training, and also ensure
that you are tracking the behaviour of employees to ensure that they cannot
commit crimes against the business.
v. If a criminal can gain access to your system through a staff account, they
could potentially have full access to all of the information on your servers
without you even realizing any crime has taken place. Cybercriminals use
techniques such as password cracking and phishing emails in order to gain
access to accounts – so once again, the key here is to provide your team with
the training to understand how to minimize the risk of their account being
hijacked.
vi. Sometimes it can be the case that your own system is highly secure, but you
are let down by external applications. Third-party services, such as applications,
can present serious cloud security risks, and you should ensure that your team
or cyber-security experts take the time to establish whether the application is
suitable for your network before they have it installed. Discourage staff from
taking matters into their own hands and downloading any application that
they think might be useful. Instead, you should make it necessary for the IT
team to approve any application before it is installed on the system. While this
might seem like a lengthy step to put in place, it can effectively take away the
risk of insecure applications.
vii. Most cybersecurity threats come in the form of outsider attacks, but this issue
is one caused by a problem inside the company. And this problem is in failing
to take the threat of cybercrime seriously. It is essential to invest in training on
the risks of cyberattacks – not just for your IT team, but for every member of
staff. Your team is your first line of defense against any kind of data breach or
cyberattack, so they need to be prepared with the latest information or relevant
threats to businesses like yours. Allocate time and budget for staff training,
and also make sure that this training is regularly updated so that your staff is
being taught about issues that are genuinely affecting organizations.
MODEL QUESTION PAPER
TOTAL MARKS:100
1. Attempt all questions in brief. 2×10 = 20
a) What is Computer Security Problem? What factors contribute to it?
b) What are the principles of secure design?
c) What is Encryption and Decryption?
d) What is the difference between HTTPs, SSL and TLS?
e) Explain System Call Interposition.
f) What are the differences between Discretionary Access Control and
Mandatory Access Control?
g) What is Web Security?
h) Give three benefits of IPSec.
i) What is SQL Injection?
j) What is the problem of covert channel in VMM Security?
2. Attempt any three of the following: 3×10 = 30
a) What is an Intrusion Detection System? What are the difficulties in Anomaly
detection?
b) Why is security hard?
c) What is Access Control List and also define the technologies used in access
control?
d) What is Cross Site Request forgery and what are the defences against it?
e) Explain SSL Encryption. What are the steps involved in SSL: server
authentication?
3. Attempt any one of the following: 1×10 = 10
a) What are Asymmetric Algorithms? Give their advantages, disadvantages.
b) Why do cyber criminals want to own machines?
4. Attempt any one of the following: 1×10 = 10
a) Write a short note on DES.
b) Write short notes on Software Fault Isolation:
i. Goal and Solution
ii. SFI approach
90 Computer System Security
Magic Cookie : It is a term for a packet of data that a computer receives and then
sends back without changing or altering it
Trojan Horse : It is a malicious bit of attacking code or software that tricks users
into running it willingly, by hiding behind a legitimate program
Phishing : Phishing is a method of a social engineering with the goal of obtaining
sensitive data such as passwords, usernames, and credit card numbers
Cipher Text : The cipher text is produced as an output of Encryption algorithm
Digital Signature : A digital signature is a mathematical technique which validates
the authenticity and integrity of a message, software or digital documents
Internet Protocol Security : IPSec is a framework of open standards for ensuring
private, secure communications over Internet Protocol (IP) networks, through the
use of cryptographic security services
Distributed Denial of Service: DDoS attack generally involves a group of
computers being harnessed together by a hacker to flood the target with traffic
IP Spoofing : It is a process in which someone creates IP packets with a false
source IP address to hide the identity of the sender or impersonate another system
Firewall : A firewall is a system designed to prevent unauthorized access to or
from a private network
REFERENCES
1. William Stallings, Network Security Essentials: Applications and Standards,
Prentice Hall, 4th edition, 2010.
2. Michael T. Goodrich and Roberto Tamassia, Introduction to Computer Security,
Addison Wesley, 2011.
3. William Stallings, Network Security Essentials: Applications and Standards,
Prentice Hall, 4th edition, 2010.
4. Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, Handbook
of Applied Cryptography, CRC Press, 2001.
5. https://ict.iitk.ac.in/product/computer-system-security/
6. https://searchsecurity.techtarget.com/definition/cryptography
7. https://www.infoblox.com/dns-security-resource-center/security-faq/
8. https://searchsecurity.techtarget.com/definition
9. https://phoenixnap.com/blog/cyber-security-
10. https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-
attacks/
11. https://cloudacademy.com/blog/key-cybersecurity-threats