
Introduction to Computer & Information Security

What is Security?

• “Computer security” deals with the prevention and detection of unauthorized actions by users of a computer system.
• Computer security is the protection of data, computer systems, services and the supporting procedures. Various
technologies are used for this purpose, such as access control mechanisms and cryptography.

• Computer security comprises the methods used to ensure the security of a system. Nowadays computers are
connected to each other via a network, which introduces the term network security: the protection of the multiple
computers and other devices that are connected together.
• Information security and information assurance focus the security process not on the hardware and software
being used but on the data that is processed by them. Assurance also covers the availability of the systems and
information when we want them.

• Data security is concerned with the content of the information; the source of a data transfer should also be secure.
Only valid users can access or change the data. Data should be protected from modification, insertion, deletion or
replay by an unauthorized person.

Need for Security

• In the last few years the public has become dependent on computers and networks, so it is also interested in the
security of those same computers and networks.
• As a result of this increased attention, several new terms have become commonplace in conversation and print:
hacking, virus, TCP/IP, encryption and firewalls are now frequently seen in mainstream news publications and have
found their way into casual conversation.
• With computers and networks used daily to conduct everything from making purchases onwards, ensuring that
computers and networks are secure has become of paramount importance.
• Medical information, financial information and data relating to the types of purchases people make are stored in
computer systems. This information should remain private from the general public, and helping to protect our
privacy is one of the jobs of security.
• Hence, computer and network security is essential to function effectively and safely in today's highly automated
world.

Security Basics

The basic goals or components of computer security are confidentiality, integrity and availability, the “CIA” of
security.
1. Confidentiality
• It ensures that only individuals who have the authority can view a piece of information. Unauthorized individuals
cannot view data to which they are not entitled.
• It is the secrecy or concealment of information and resources.
• In sensitive fields such as industry, government and the military there is a need to keep information secret. In this
case only authorized persons can access the information or resources.
• To maintain confidentiality, various mechanisms are used, such as resource hiding, cryptography and access
control mechanisms.
Fig. 1.1.1 : Confidentiality

2. Integrity : Integrity is related with the generation and modification of data. Only the authorized individuals can be
able to create or change (or delete) information.

Fig. 1.1.2 : Integrity

Sender A sends a message to B. If B receives the original message, the integrity of the message is maintained; but if
user C is able to access the message, modify it and send the modified message on to receiver B, the integrity of
the message is lost.
3. Availability : This is used to ensure that the data or the system is available for use when the authorized user wants to
access it.
4. Accountability :

• Every individual who works with an information system should have specific responsibilities for information
assurance.
• The tasks for which an individual is responsible are part of the overall information security plan.
• Accountability is the traceability of actions performed on a system to a specific system entity (such as a user,
process or device).

• Audit information must be selectively kept and protected, so that actions affecting security can be traced to the
responsible party.
• The system needs to identify and authenticate the various users and keep an audit trail of security-relevant events.
• If a security violation has occurred, information from the audit trail may help to identify the person responsible.
5. Non-Repudiation : It is the ability to verify that the message sent and the message received are the same, and that
the sender can be identified and verified. This requirement arises in online transactions.
6. Reliability : It refers to the ability of a computer-related hardware or software component to consistently perform
according to its specifications and produce the intended result.
7. Authentication : Authentication is the process of determining the identity of a user or other entity, in one of three
ways :

(a) Something-you-know : The most common authentication mechanism is to provide a user ID and password. A
password should not be shared with anybody else; only you should know your password.
(b) Something-you-have : This method involves the use of something that only valid users should have, like a lock and
key. Only those individuals with the correct key can open the lock.

(c) Something-about-you : This method involves something that is unique about you, like a fingerprint or DNA sample.
8. Authorization : Authorization is the process of verifying that a known person has the authority to perform a certain
operation. Authorization cannot occur without authentication.

What is Risk, Asset & Threat?


• A risk is some incident or attack that can cause damage to a system.
• An attack against a system is carried out as a sequence of actions, each exploiting a weak point, until the attacker’s
goal is accomplished.

• So it is important to assess the risk posed by an attack in terms of the amount of damage that would be done and
the likelihood of the attack.
The process of risk analysis refers to assets, vulnerabilities and threats. Risk is calculated as shown in Fig. 1.2.1.

Fig. 1.2.1 : Risk Calculations

Assets

• An asset is any data, device or other component that is relevant to information security.
• An asset can be hardware, software or confidential information, e.g. a server, switches, a support system etc.
• Identification of assets should be a relatively simple and regular exercise.

• Valuation of assets is more challenging: assets like hardware can be valued according to their financial
replacement cost, whereas other assets like data and information are more difficult to value because, if data is
leaked, the loss is indirect.
• Assets should be protected from illegal access, use, disclosure, alteration, destruction and/or theft, all of which
result in loss to the organization.

Threats

• A threat is an action by an attacker who tries to exploit vulnerabilities to damage assets.

• Threats can be identified by the damage they would do to assets.


• A threat against an information infrastructure can be any vector that puts mission-critical information at risk.

• An attack may start with innocent-looking steps, like gathering the information required to gain privileges on one
machine, and then jump from one machine to another until the final goal is reached. To get a complete picture of a
potential threat, an attack tree is used.

• Attack trees are a formalized and structured way of analyzing threats. An attack tree is a tree in which the nodes
represent attacks. The root node of the tree is the goal of the attacker and each leaf node represents a way of
achieving that goal.
• It is possible to assign values to the edges of the tree, which helps to calculate the estimated cost of an attack.

Attack Tree

• From these calculations the cheapest attack can be computed. Hence the attack tree is a more formalized and
structured method of analyzing attacks.
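To make the cost calculation concrete, here is an added example (not from the original notes) of an attack tree with AND/OR nodes and estimated costs on the leaf steps. The goal, the steps and the cost values are constructed for illustration; the functions compute the cheapest attack, rank the branches for the defender, and show how raising the cost of one step (a countermeasure) changes the cheapest path.

```python
# Added example (not from the original notes): an attack tree with AND/OR
# nodes and estimated costs on the leaves, used to find the cheapest attack
# and to see how a countermeasure changes that result. All names and cost
# values are constructed for illustration.
from dataclasses import dataclass, field
from typing import List, Tuple

INFEASIBLE = float("inf")  # cost assigned to a step that a countermeasure has blocked


@dataclass
class Node:
    name: str
    kind: str = "OR"          # "OR": any child suffices; "AND": all children needed; "LEAF": one concrete step
    cost: float = 0.0         # estimated attacker cost of a LEAF (assumed units, e.g. hours of effort)
    children: List["Node"] = field(default_factory=list)


def cheapest(node: Node) -> Tuple[float, List[str]]:
    """Return (minimum cost, leaf steps used) to achieve the goal at `node`."""
    if node.kind == "LEAF":
        return node.cost, [node.name]
    results = [cheapest(child) for child in node.children]
    if node.kind == "AND":
        # every child is required, so the costs add up
        return sum(r[0] for r in results), [s for r in results for s in r[1]]
    # OR node: the attacker takes the cheapest branch
    return min(results, key=lambda r: r[0])


def rank_branches(root: Node) -> List[Tuple[float, str]]:
    """Cost of each top-level branch, cheapest first; a defender funds countermeasures in this order."""
    return sorted((cheapest(child)[0], child.name) for child in root.children)


def apply_countermeasure(node: Node, leaf_name: str, new_cost: float = INFEASIBLE) -> None:
    """Model a countermeasure by raising the cost of one leaf step (modifies the tree in place)."""
    if node.kind == "LEAF" and node.name == leaf_name:
        node.cost = new_cost
    for child in node.children:
        apply_countermeasure(child, leaf_name, new_cost)


def build_example_tree() -> Node:
    """Constructed tree: the root is the attacker's goal, the leaves are ways of reaching it."""
    return Node("Read confidential file on server", "OR", children=[
        Node("Log in with unchanged default admin password", "LEAF", cost=2),
        Node("Exploit a known fault in a network service", "AND", children=[
            Node("Locate the vulnerable service", "LEAF", cost=3),
            Node("Obtain a working exploit", "LEAF", cost=10),
        ]),
        Node("Bribe an insider", "LEAF", cost=50),
    ])


if __name__ == "__main__":
    tree = build_example_tree()
    print("cheapest attack:", cheapest(tree))
    print("branches, cheapest first:", rank_branches(tree))
    apply_countermeasure(tree, "Log in with unchanged default admin password")
    print("after changing the default password:", cheapest(tree))
```

The ranking is what turns the tree into a defensive tool: the branch with the lowest cost is the one to close first, and re-running `cheapest` after a countermeasure shows the next cheapest path the analysis should worry about.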

Vulnerability

• A vulnerability is a weakness in the information infrastructure of a business or organization. It may lead,
accidentally or intentionally, to damage to an asset.
• In any system, the vulnerabilities can be :

o Accounts with system privileges whose default passwords have not been changed.
o Programs with unnecessary privileges.
o Programs with known faults.
o Weak access control settings on resources.
o A weak firewall configuration that allows access to vulnerable services, etc.
• A vulnerability scanner gives a systematic and automated way of identifying vulnerabilities.
• Vulnerabilities can be rated according to their impact.

Countermeasures

• The result of a risk analysis is a prioritized list of threats and the recommended countermeasures to mitigate the risk.
• Usually risk analysis tools come with a knowledge base of countermeasures for the threats that can be detected
in the analysis.
• Before deciding on any implementation of security measures, it is good to go through a risk analysis. But this
approach has problems :
o Conducting a risk analysis for a large organization takes much time, because the IT system is changing
continuously.
o The cost of a full risk analysis is difficult to justify to management.
• Hence many organizations may decide to select baseline protection as an alternative. This approach analyzes the
security requirements for typical cases and recommends security measures for them.

What do you mean by Threat to Security ?

A threat is a potential violation of security, which exists when there is an action that might cause harm to security.
Threats are divided into the following categories :
(a) Disclosure : Unauthorized access to information.

(b) Deception : Access to wrong data.


(c) Disruption : Prevention of correct operation.
(d) Usurpation : Unauthorized access to a system or part of a system.

What are Viruses?

• A virus is code or a program that attaches itself to other code or programs and causes damage to the computer
system or to the network.
• It is a piece of code that is loaded onto the computer without the individual’s knowledge and runs against his/her
wishes.
• It can replicate itself. Even a simple virus can be dangerous, because it will quickly use all available memory space
and bring the system to a halt.
• More dangerous viruses are capable of transmitting themselves across networks and can evade security
systems.

Virus Infected code

Phases of Viruses (Life Cycle of Viruses)

During its lifetime, a typical virus goes through the following four phases :
(i) Dormant Phase : The virus is idle and eventually activated by some event.
(ii) Propagation Phase : The virus places an identical copy of itself into other programs or into certain system areas
on the disk.
(iii) Triggering Phase : The virus is activated to perform the function for which it was intended.
(iv) Execution Phase : The function is performed.

Fig. 1.3.2 : Phases of Virus

Types of Viruses

1. Parasitic viruses
It attaches itself to executable code and replicates itself. When the infected code is executed, it finds other
executable code or programs to infect.

2. Memory resident virus

This type of virus stays in memory after its execution. It inserts itself as a part of the operating system or an
application and can manipulate any file that is executed, copied or moved.

3. Non-resident virus

This type of virus executes itself and then terminates or is destroyed after a specific time.

4. Boot sector virus

This type of virus infects the boot record and spreads through a system when the system is booted from a disk
containing the virus.

5. Overwriting virus

This type of virus overwrites the code of a file with its own code.

6. Stealth virus

This virus hides the modifications it has made in the file or boot record.

7. Macro virus

These viruses are not executables; they affect documents such as Microsoft Word files. They can spread through e-mail.

8. Polymorphic virus

It produces fully operational copies of itself that differ in appearance, in an attempt to avoid signature detection.

9. Companion virus

This virus creates a new program instead of modifying an existing file.

10. Email viruses

The virus is executed when the e-mail attachment is opened by the recipient. The virus then sends itself to everyone
in the sender’s mailing list.

11. Metamorphic virus

This type of virus rewrites itself every time it propagates. It may change its behaviour as well as the appearance of its code.

How to deal with Viruses ? (Virus Prevention)

• Preventing viruses is always the best option. There is no direct way to test for or find hidden virus code, but we
can attempt to detect, identify and remove viruses.

Fig. 1.3.3

o Detection – Find the location of the virus.


o Identification – Identify the specific virus that has attacked.
o Removal – After identification, remove all traces of the virus and restore the affected file to its original state
with the help of anti-virus software.
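Added example (not from the original notes) of the three steps above, detection, identification and removal, over a simplified model of an appending parasitic virus. The signatures, the infected sample file and the baseline hash are constructed for this example and are not real malware signatures; the removal step only works for this appending model, which is what the example assumes.

```python
# Added example (not from the original notes): detection, identification and
# removal over a simplified model of an appending parasitic virus. The
# signatures, the "infected" file and the baseline hash are all constructed
# for this example; they are not real malware signatures.
import hashlib
from typing import Dict, List, Optional, Tuple

# Constructed signatures: name -> byte pattern the scanner looks for.
SIGNATURES: Dict[str, bytes] = {
    "Demo.Appender.A": b"<<DEMO-APPENDER-A>>",
    "Demo.Macro.B": b"<<DEMO-MACRO-B>>",
}

# Known-good content and its hash, recorded before infection (constructed).
CLEAN_APP = b"MZ\x90\x00 demo program body\n"
BASELINE_SHA256: Dict[str, str] = {"app.exe": hashlib.sha256(CLEAN_APP).hexdigest()}


def detect(data: bytes) -> Optional[int]:
    """Detection: offset of the earliest signature hit, or None if the file looks clean."""
    hits = [data.find(sig) for sig in SIGNATURES.values()]
    hits = [h for h in hits if h != -1]
    return min(hits) if hits else None


def identify(data: bytes) -> Optional[str]:
    """Identification: which known virus matched."""
    for name, sig in SIGNATURES.items():
        if sig in data:
            return name
    return None


def remove(data: bytes) -> bytes:
    """Removal for the appending model: everything from the marker onward is virus code."""
    offset = detect(data)
    return data if offset is None else data[:offset]


def restored_ok(filename: str, data: bytes) -> bool:
    """Confirm the cleaned file matches the known-good baseline hash."""
    return hashlib.sha256(data).hexdigest() == BASELINE_SHA256.get(filename)


def scan(files: Dict[str, bytes]) -> List[Tuple[str, str, int, bool]]:
    """(filename, virus name, offset, restored-to-baseline?) for every infected file."""
    report = []
    for filename, data in files.items():
        offset = detect(data)
        if offset is None:
            continue
        cleaned = remove(data)
        report.append((filename, identify(data), offset, restored_ok(filename, cleaned)))
    return report


SAMPLE_FILES: Dict[str, bytes] = {   # constructed
    "app.exe": CLEAN_APP + SIGNATURES["Demo.Appender.A"] + b"virus body",
    "notes.txt": b"just some text\n",
}

if __name__ == "__main__":
    for entry in scan(SAMPLE_FILES):
        print(entry)
```

Signature matching of this kind is exactly what polymorphic and metamorphic viruses are built to evade, since their code differs from copy to copy; the baseline hash still reveals that the file changed, which is why integrity checking complements signature scanning.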
What is Worm?

• A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.
• Viruses and worms are the most common problems that an organization faces.

Worm code

Difference between worm and virus

Sr. No. | Virus                                                                         | Worm
1.      | A virus is a piece of code that attaches itself to a legitimate program.      | A worm is a malicious program that spreads automatically.
2.      | A virus modifies the code.                                                    | A worm does not modify the code.
3.      | It does not replicate itself.                                                 | It replicates itself.
4.      | A virus is destructive in nature.                                             | A worm is non-destructive in nature.
5.      | The aim of a virus is to infect code or programs stored on a computer system. | The aim of a worm is to make a computer or network unusable.
6.      | A virus can infect other files.                                               | A worm does not infect other files but occupies memory space by replicating.
7.      | A virus may need a trigger for execution.                                     | A worm does not need any trigger.

Define term Trojan Horse?

• A Trojan horse is a hidden piece of code that allows an attacker to obtain confidential data.

• The main purpose of a Trojan horse is to reveal confidential information to an attacker.


• For example, a Trojan horse can hide in the code of a login screen. When the user enters a user ID and password, the
Trojan horse captures these details and sends them to the attacker without the knowledge of the authorized user.
The attacker can then use this information to gain access to the system.

What are Intruders?

• An intruder is a person who enters territory that does not belong to that person.
• The objective of the intruder is to gain access to a system or to increase the range of privileges accessible on a
system.
• This is one of the most publicized threats to security. There are three classes of intruders :
o Masquerader : An individual who is not authorized to use the computer and who penetrates a system’s access
controls to use a legitimate user’s account. Generally the masquerader is an outsider.
o Misfeasor : A legitimate user who accesses data, programs or resources for which such access is not
authorized, or who is authorized for such access but misuses his or her privileges. The misfeasor is an insider.
o Clandestine/Secret User : An individual who holds managerial control of the system and uses this control to
evade auditing and access controls or to suppress audit collection. The clandestine user can be either an outsider
or an insider.

Define term Insiders?

• Insiders have the access and the necessary knowledge to cause immediate damage to an organization; hence
insiders are more dangerous than outside intruders.
• Many security measures are designed to protect the organization against outside intruders, and so they lie at the
boundary between the organization and the rest of the world.

• Insiders may already have all the access needed to carry out criminal activity such as fraud. Also, insiders frequently
have knowledge of the security systems in place and will be better able to avoid detection.
• Employees are not the only insiders within the organization. A number of other individuals who have physical access
to facilities, like contractors or partners, may not only have physical access to the organization's facilities but may
also have access to its computer systems and networks.

Difference between Intruders and Insiders

Sr. No. | Intruders                                                                               | Insiders
1.      | Intruders are authorized or unauthorized users who try to access the system or network. | Insiders are authorized users who try to access a system or network for which they are not authorized.
2.      | Intruders are hackers or crackers.                                                      | Insiders are not hackers.
3.      | Intruders are illegal users.                                                            | Insiders are legal users.
4.      | Intruders are less dangerous than insiders.                                             | Insiders are more dangerous than intruders.
5.      | Intruders have to study/gain knowledge about the security system.                       | Insiders have knowledge about the security system.
6.      | Intruders do not have access to the system.                                             | Insiders have easy access to the system because they are authorized users.
7.      | Many security mechanisms are used to protect the system from intruders.                 | There is no such mechanism to protect the system from insiders.

What are Attacks? List and explain the types of attacks.

• An attack is a path or way by which a hacker can gain access to a computer system without your knowledge.
Computer system and network attacks can be grouped into two broad categories: attacks on specific software and
attacks on a specific protocol or service. The targets of an attacker can be of two types: targets of opportunity and
defined targets.
• Attacks are also grouped into two types : passive and active attacks.

What is Active and Passive Attacks ?


1. Active attacks

• In active attacks, the contents of the original message are modified in some way. These attacks cannot be prevented
easily.
Types of Active Attacks
There are a number of different types of active attacks :

(a) Interruption : It occurs when an unauthorized user pretends to be another user.


(b) Modification : It comprises replay attacks and alterations. In a replay attack a user captures a sequence of
events and re-sends it. Alteration involves some modification/change to the original message.
(c) Fabrication : It is an attempt to prevent authorized users from accessing some service, e.g. Denial of Service
(DOS) attacks.
2. Passive attacks

• Passive attacks are those where the attacker aims to obtain information that is in transit. In a passive attack the
attacker does not make any modification to the contents of the original message, so passive attacks are hard to
detect.

(a) Release of message contents : A confidential message should be accessed only by the authorized user;
otherwise the message contents are released against our wishes.
(b) Traffic analysis : A passive attacker may try to find similarities between encoded messages to obtain clues
about the communication; this analysis is known as traffic analysis.

Explain Denial of Service (DOS) attack with example?

• A Denial-of-Service (DOS) attack is a type of attack that can exploit a known vulnerability in a specific application or
operating system, or may attack features or weaknesses in particular protocols or services.
• In this attack, the attacker attempts to deny authorized users access to specific information or to the computer
system or network itself.
• The aim of the attack can be simply to prevent access to the target system, or the attack can be used in combination
with other actions in order to gain unauthorized access to a computer or network.
• Examples are the SYN flooding attack and the POD attack.
• DOS attacks are conducted using a single attacking system.
1. SYN Flooding attack : A SYN flooding attack is used to deny the services of a system. It takes advantage of the
trust relationships and design of TCP/IP networks. The attack abuses the TCP/IP three-way handshake that sets up a
connection between two systems.

Fig. 1.4.1 : TCP/IP 3 - way handshake


• Here, System-I sends a SYN packet to System-II, with which it wants to communicate. System-II replies with
SYN/ACK if it wants to communicate and is able to accept the request, and System-I completes the handshake by
sending an ACK packet. This is the normal process, but in a SYN flooding attack the attacker sends fake connection
requests. These requests are answered by the target system, which then waits for responses that never come,
because the requests are fake.

Fig. 1.4.2 : SYN-Flooding Attack

• The target system drops a half-open connection after the time-out period, but if the attacker sends new requests
faster than they time out, the target system’s connection table quickly fills up. From then on the system is
reserving all its connections for fake requests, so a legitimate user who wants to communicate will not be able
to communicate with the target system.
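The relation between request rate, time-out and table size described above can be checked with a small model. This is an added example, not part of the original notes: it simulates the server's half-open connection table in integer milliseconds, floods it with spoofed SYNs that are never completed, and reports whether a legitimate SYN arriving during the flood still gets a slot. Capacity, time-out and rates are constructed values.

```python
# Added example (not from the original notes): a model of the server-side
# half-open connection table under a SYN flood. Times are integer milliseconds
# so the comparisons are exact. Capacity, time-out and rates are constructed
# values chosen for illustration.
from collections import deque
from typing import Deque, Dict, Tuple


class HalfOpenTable:
    """Half-open (SYN received, final ACK not yet seen) connections on a server."""

    def __init__(self, capacity: int, timeout_ms: int) -> None:
        self.capacity = capacity
        self.timeout_ms = timeout_ms
        self.entries: Deque[Tuple[int, str]] = deque()  # (arrival time, source), oldest first

    def expire(self, now_ms: int) -> None:
        """Drop entries whose time-out has elapsed without a final ACK."""
        while self.entries and now_ms - self.entries[0][0] >= self.timeout_ms:
            self.entries.popleft()

    def on_syn(self, now_ms: int, source: str) -> bool:
        """Handle an incoming SYN. True: slot reserved and SYN/ACK sent. False: table full, SYN dropped."""
        self.expire(now_ms)
        if len(self.entries) >= self.capacity:
            return False
        self.entries.append((now_ms, source))
        return True

    def half_open_by_source(self) -> Dict[str, int]:
        """Detection aid: how many half-open entries each source currently holds."""
        counts: Dict[str, int] = {}
        for _, source in self.entries:
            counts[source] = counts.get(source, 0) + 1
        return counts


def legit_syn_accepted(capacity: int, timeout_ms: int, fake_interval_ms: int, legit_at_ms: int) -> bool:
    """Fake SYNs (never completed) arrive every fake_interval_ms; does a legitimate SYN at legit_at_ms get a slot?"""
    table = HalfOpenTable(capacity, timeout_ms)
    i = 0
    while i * fake_interval_ms < legit_at_ms:
        # each fake SYN carries a different (spoofed) source address
        table.on_syn(i * fake_interval_ms, f"spoofed-{i}")
        i += 1
    return table.on_syn(legit_at_ms, "legit-client")


if __name__ == "__main__":
    # 10 fake SYNs per second against a 128-slot table with a 3 s time-out: at most 30 slots are ever busy
    print("slow flood, legit accepted:", legit_syn_accepted(128, 3000, 100, 10005))
    # 100 fake SYNs per second: the 128 slots fill in 1.28 s and every freed slot is retaken at once
    print("fast flood, legit accepted:", legit_syn_accepted(128, 3000, 10, 10005))
```

The model makes the notes' condition visible: the table stays usable while fake-rate multiplied by time-out stays below the capacity, and it is monopolised as soon as that product exceeds the capacity, because each slot freed by a time-out is immediately taken by the next fake request. Shortening the time-out or enlarging the table only moves that threshold; a count of half-open entries per source, as in `half_open_by_source`, is the kind of signal a defender monitors.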
2. Ping-of-death (POD) attack : The attacker sends an Internet Control Message Protocol (ICMP) “ping” packet equal to,
or exceeding, 64 kB. This type of packet should not occur naturally. Certain systems were not able to handle such
a large packet, and the system would hang or crash.
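The defence against an oversized ping is a bounds check in the receiver's IP reassembly code, applied to every fragment before it is buffered. The following is an added example, not from the original notes: the limits come from the IPv4 header format (a 16-bit Total Length field, so 65535 bytes at most, and a 13-bit Fragment Offset counted in 8-byte units), and the sample fragments are constructed.

```python
# Added example (not from the original notes): the bounds check a receiver's IP
# reassembly code should apply to every fragment. The limits below come from
# the IPv4 header format (16-bit Total Length, 13-bit Fragment Offset in 8-byte
# units); the sample fragments are constructed for this example.
from typing import Dict, Optional

IPV4_MAX_DATAGRAM = 65535                               # largest value the 16-bit Total Length field can hold
IPV4_HEADER_LEN = 20                                    # header without options
IPV4_MAX_DATA = IPV4_MAX_DATAGRAM - IPV4_HEADER_LEN     # 65515 bytes of data at most


def fragment_fits(offset_units: int, payload_len: int) -> bool:
    """True if this fragment ends within the maximum datagram size."""
    if not 0 <= offset_units < 8192 or payload_len < 0:
        return False
    return offset_units * 8 + payload_len <= IPV4_MAX_DATA


class Reassembler:
    """Collects the fragments of one datagram and refuses any that would overflow the buffer."""

    def __init__(self) -> None:
        self.parts: Dict[int, bytes] = {}      # data offset in bytes -> payload
        self.total_len: Optional[int] = None   # known once the last fragment (MF = 0) arrives

    def add(self, offset_units: int, payload: bytes, more_fragments: bool) -> str:
        if not fragment_fits(offset_units, len(payload)):
            return "rejected"                  # ping-of-death style fragment, dropped before it is buffered
        start = offset_units * 8
        self.parts[start] = payload
        if not more_fragments:
            self.total_len = start + len(payload)
        return "complete" if self.is_complete() else "accepted"

    def is_complete(self) -> bool:
        """All bytes from 0 to total_len must be covered without gaps."""
        if self.total_len is None:
            return False
        covered = 0
        for start in sorted(self.parts):
            if start > covered:
                return False                   # hole: a fragment is still missing
            covered = max(covered, start + len(self.parts[start]))
        return covered >= self.total_len

    def datagram(self) -> bytes:
        """Reassembled data; only meaningful once is_complete() is True."""
        buf = bytearray(self.total_len or 0)
        for start, payload in self.parts.items():
            buf[start:start + len(payload)] = payload
        return bytes(buf)


if __name__ == "__main__":
    # a last fragment at offset 8189 units (65512 bytes) may carry at most 3 bytes
    print(fragment_fits(8189, 3), fragment_fits(8189, 4))
    r = Reassembler()
    print(r.add(0, b"A" * 16, True), r.add(2, b"B" * 8, False), r.datagram())
```

The essential point is the order of operations: the size is checked from the header fields alone, before any payload is copied, so a fragment that claims to end past byte 65535 never reaches the reassembly buffer whose overflow caused the hang or crash the notes describe.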

Explain Distributed Denial of Service (DDOS) with neat diagram?

• A denial of service attack that uses multiple attacking systems is known as a Distributed Denial of Service
(DDOS) attack.
• The goal of a DDOS attack is to deny the use of or access to a specific service or system.

• In a DDOS attack, the method used to deny service is simply to overwhelm the target with traffic from many different
systems.
• The attacker creates a network of attack agents, sometimes known as zombies. Upon receiving the attack
command from the attacker, the attack agents start sending a specific type of traffic against the target. If the attack
network is large enough, even ordinary web traffic can quickly overwhelm the largest of sites.
• The attack agents are not willing agents; they are systems that have been compromised and on which the DDOS
attack software has been installed.
• To compromise these agents, the attacker has to gain unauthorized access to each system and run a program that
installs the attack software.

• Building the attack network may be a multiple-step process in which the attacker first compromises a few systems
that are then used as handlers or masters, which in turn compromise other systems.
• After the attack network is created, the agents wait for an attack message that includes data on the specific
target before launching the attack. One important feature of a DDOS attack is that with just a few messages to the
agents, the attacker can have a flood of messages sent against the targeted system.
Distributed denial of service attack

• To stop or mitigate the effects of a DOS or DDOS attack, one important precaution is to apply the latest patches
and upgrades to your systems and the applications running on them.

Define terms - Backdoors and Trapdoors

1. Backdoors : Backdoors are methods used by software developers to make sure that they can gain access to an
application even if something were to happen in the future to prevent the normal access methods.
• Backdoor is more commonly used to refer to programs that attackers install after gaining unauthorized access to
a system, to ensure that they keep unrestricted access to the system even if their initial access method is
discovered and blocked.
• Authorized individuals can also install backdoors inadvertently, by running software that contains a Trojan
horse.
• NetBus and Back Orifice are common backdoors; if one is running on your system it allows an attacker to access
the system remotely, which lets them perform any function on your system.

• A variation on the backdoor is the rootkit, which is generally installed at a lower level, closer to the kernel level
of the operating system. Rootkits are established not to gain access but to ensure continued root access.
2. Trapdoors : Trapdoors are bits of code embedded in a program to allow quick access at a later time (e.g. during the
testing phase).

• If a corrupt programmer purposely leaves this code in, or simply forgets to remove it, a potential security hole is
introduced.
• Hackers often plant a backdoor on previously compromised systems to gain access later.
• Trapdoors can be almost impossible to remove reliably.

What is Sniffing ?

• A sniffer is an application that can capture network packets. Sniffers are also known as network protocol analyzers.
• The objective of sniffing is to steal passwords (from e-mail, web sites, FTP, TELNET etc.), e-mail text and files in
transfer.
• A network sniffer is a software or hardware device that is used to observe traffic as it passes through a network on
shared broadcast media.

• These devices can be used to view all traffic, or they can target a specific protocol, service, or even a string of
characters such as logins.
• Generally, a network device is designed to ignore all traffic that is not destined for that computer. Network sniffing
attacks ignore this friendly agreement and observe all traffic on the network, whether destined for that computer or
for others, as shown in the figure.
Network Sniffer

• Some network sniffers are designed not just to observe all traffic but also to modify it.

• Network administrators can use network sniffers for monitoring network performance. They can be used to perform
traffic analysis, for example to determine what type of traffic is most commonly carried on the network and
which segments are most active. They can also be used for network bandwidth analysis and to troubleshoot certain
problems such as duplicate MAC addresses.

• Attackers can also use network sniffers to gather information that can be used in penetration attempts: an
authorized user's username and password can be viewed and recorded for later use, and the contents of e-mail
messages can be viewed as they travel across the network.

• To be most effective, a network sniffer needs to be on the internal network; hence the chances for outsiders to use
one against you are extremely limited.

Define term Packet Sniffing?

It is a passive attack. In this attack, the attacker does not hijack the conversation but observes the packets as they
pass by. To protect against a sniffing attack, the information can be protected in the following ways :
o The information that is travelling can be encrypted.
o The transmission link can be encrypted.

What is Spoofing? Explain types of Spoofing?

• Spoofing is making data appear as if it has come from a different source. This is possible in TCP/IP because of the
friendly assumptions behind the protocols.
• The assumption at the time of protocol development was that individuals having access to the network layer
would be privileged users who could be trusted.

• When a packet is sent from one system to another, it includes not only the destination IP address and port but the
source IP address as well. Altering that source address is one of several forms of spoofing.
1. Spoofing E-mail

• E-mail spoofing can be easily accomplished; there are several different ways to do it and programs that can
assist in doing so.
• E-mail spoofing refers to e-mail that appears to have originated from one source but was actually sent
from another source. The best examples of e-mail spoofing are spam and junk mail.
• A very simple method of spoofing an e-mail address is to telnet to port 25, the port associated with e-mail on a
system. From there, any address can be filled in for the From and To sections of the message, whether or not the
addresses are yours and whether or not they actually exist.
• There are simple ways to determine that an e-mail message was probably not sent by the claimed source, but most
users do not question their e-mail and will accept it.
2. URL Spoofing

• An attacker acquires a URL close to the one they want to spoof, so that e-mail sent from their system appears to
have come from the official site.

• For example, if attackers wanted to spoof XYZ Corporation, which owns XYZ.com, the attackers might gain
access to the URL XYZ.Corp.com. An individual receiving a message from the spoofed corporation site would not
normally suspect it to be a spoof but would take it to be official. The same method can be, and has been, used to
spoof web sites.
3. IP Address Spoofing

• The IP protocol is designed to carry the originator’s own IP address in the “From” portion of the packet.
• Nothing prevents a system from inserting a different address in the “From” portion of the packet; doing so is
known as IP address spoofing.
• An IP address may be spoofed for several reasons. In a specific DOS attack known as a smurf attack, the
attacker sends a spoofed packet to the broadcast address for a network, which distributes the packet to all
systems on that network.
• Spoofing can also take advantage of a trust relationship between two systems. If two systems are configured to
accept each other’s authentication, an individual logged on to either system may not be forced to go
through an authentication process again to access the other system.

• An attacker can take advantage of this by sending a packet to one system that appears to have come from the
trusted system. Since the trust relationship is in place, the targeted system may perform the requested task
without authentication.

• Because a reply is sent once a packet is received, the impersonated system can interfere with the attack, since it
would receive an acknowledgment for a request it never made.
• So the attacker first launches a DOS attack to temporarily take out the spoofed system for the period of time
during which the attacker is exploiting the trust relationship.
• When the attack is completed, the DOS attack on the spoofed system is terminated, and the administrators of
the systems may never notice that the attack occurred. Fig. 1.4.5 shows a spoofing attack that includes a SYN
flooding attack.

Spoofing Attack
• Because of this type of attack, administrators are encouraged to strictly limit any trust relationships between hosts.
Firewalls should also be configured to discard any packets arriving from outside the firewall that have source
addresses indicating they originated within the network.
• For example - Smurf attack.

Explain Smurf Attack with neat diagram?


o In the smurf attack, the request is sent to all systems on the network, so all systems respond with an
echo reply to the target system, as shown in the figure.

Spoofing used in smurf

o The attacker has sent one packet and is able to generate 254 responses at the specific target. An
attacker can then send several of these spoofed requests to the target, or send them to several different
networks.
o The target system can then quickly become overwhelmed with the volume of echo replies it receives.
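The firewall rule recommended in the IP spoofing section (discard packets arriving from outside that carry an internal source address) and the broadcast amplification used by the smurf attack can both be expressed as a small packet filter. The following is an added example, not from the original notes; it goes beyond the notes' single rule by adding the matching egress rule (an inside host must not send with a foreign source address) and a rule that drops directed broadcasts arriving from outside. The internal prefix, the addresses and the sample packets are constructed from the RFC 5737 documentation ranges.

```python
# Added example (not from the original notes): the ingress rule the notes
# recommend (drop packets from outside that claim an inside source address),
# extended with the matching egress rule and with a directed-broadcast rule
# that blunts smurf amplification. Prefixes, addresses and packets are
# constructed for this example (RFC 5737 documentation ranges).
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

INTERNAL_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]   # assumed internal prefix


@dataclass
class Packet:
    src: str
    dst: str
    arrived_on: str    # "outside" (internet-facing interface) or "inside"


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETWORKS)


def is_internal_broadcast(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip == net.broadcast_address for net in INTERNAL_NETWORKS)


def filter_packet(pkt: Packet) -> Tuple[str, str]:
    """Return (verdict, reason) for one packet crossing the firewall."""
    if pkt.arrived_on == "outside":
        if is_internal(pkt.src):
            return "DROP", "outside packet with an internal source address (spoofed)"
        if is_internal_broadcast(pkt.dst):
            return "DROP", "directed broadcast from outside (smurf amplification)"
        return "ACCEPT", "external source to internal destination"
    if pkt.arrived_on == "inside":
        if not is_internal(pkt.src):
            return "DROP", "inside packet with a foreign source address (outbound spoofing)"
        return "ACCEPT", "internal source leaving the network"
    return "DROP", "unknown interface"


def apply_policy(packets: List[Packet]) -> List[str]:
    """Verdict for each packet, in order."""
    return [filter_packet(p)[0] for p in packets]


SAMPLE_TRAFFIC = [  # constructed
    Packet("198.51.100.7", "192.0.2.10", "outside"),    # normal inbound
    Packet("192.0.2.10", "192.0.2.20", "outside"),      # claims to be inside, arrives from outside
    Packet("203.0.113.9", "192.0.2.255", "outside"),    # echo request aimed at our broadcast address
    Packet("192.0.2.4", "203.0.113.9", "inside"),       # normal outbound
    Packet("203.0.113.9", "198.51.100.7", "inside"),    # our host sending with someone else's address
]

if __name__ == "__main__":
    for pkt in SAMPLE_TRAFFIC:
        print(pkt.arrived_on, pkt.src, "->", pkt.dst, filter_packet(pkt))
```

The egress rule is what stops a network from becoming the source of spoofed traffic against others, and the directed-broadcast rule removes the 254-to-1 amplification the smurf attack depends on.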

What is a Man-in-the-Middle Attack (Bucket-Brigade Attack)?

• A man-in-the-middle attack generally occurs when attackers are able to place themselves between two other
hosts that are communicating, in order to view and/or modify the traffic.
• This is done by making sure that all communication going to or from the target host is routed through the attacker’s
host.

• The attacker can then observe all traffic before forwarding it, and can actually modify or block traffic. To
the target host, communication appears to be occurring normally, since all expected replies are received. The figure
shows this type of attack.

Man-in-middle attack

• If the communication is encrypted, then the amount of information that can be obtained in a man-in-the-middle
attack.
Define term Replay?

• A replay attack is an attack in which the attacker captures a portion of a communication between two parties and
retransmits it some time later.

• For example, an attacker might replay the series of commands and codes used in a financial transaction in order to
cause the transaction to be conducted multiple times.
• Replay attacks are normally associated with attempts to bypass authentication mechanisms, such as capturing and
reusing a certificate or ticket.

Replay attack
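The standard defence is to make every message single-use. The following is an added example, not from the original notes: each command carries a fresh nonce and a timestamp, both covered by an HMAC, and the receiver rejects a message whose MAC fails (altered), whose nonce it has already seen inside the acceptance window (replayed), or whose timestamp is outside that window (stale, which also covers a replay after the nonce cache has been purged). The shared key, window and messages are constructed values.

```python
# Added example (not from the original notes): a receiver that rejects
# replayed messages. Each message carries a fresh nonce and a timestamp and
# is authenticated with an HMAC over both, so a captured message cannot be
# altered, cannot be reused inside the acceptance window (nonce already seen)
# and is stale outside it. Key, window and messages are constructed values.
import hashlib
import hmac
import json
from typing import Dict, Tuple

SHARED_KEY = b"constructed-demo-key"   # constructed; a real deployment uses a random secret
WINDOW_SECONDS = 30


def _mac(key: bytes, body: Dict[str, object]) -> str:
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def sign(command: str, nonce: str, timestamp: int, key: bytes = SHARED_KEY) -> Dict[str, object]:
    """Sender side: attach nonce, timestamp and MAC to a command."""
    body = {"cmd": command, "nonce": nonce, "ts": timestamp}
    return {**body, "mac": _mac(key, body)}


class ReplayGuard:
    """Receiver side: verify MAC, freshness and nonce uniqueness."""

    def __init__(self, key: bytes = SHARED_KEY, window: int = WINDOW_SECONDS) -> None:
        self.key = key
        self.window = window
        self.seen: Dict[str, int] = {}   # nonce -> timestamp, kept only for one window

    def verify(self, msg: Dict[str, object], now: int) -> Tuple[bool, str]:
        body = {k: msg.get(k) for k in ("cmd", "nonce", "ts")}
        if not hmac.compare_digest(_mac(self.key, body), str(msg.get("mac", ""))):
            return False, "bad MAC"             # altered or forged message
        if abs(now - int(body["ts"])) > self.window:
            return False, "stale"               # too old (or clock too far off) to accept
        # forget nonces older than the window; anything that old is rejected as stale anyway
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if body["nonce"] in self.seen:
            return False, "replay"              # same message seen before inside the window
        self.seen[str(body["nonce"])] = int(body["ts"])
        return True, "ok"


if __name__ == "__main__":
    guard = ReplayGuard()
    msg = sign("transfer 100 to acct 42", "nonce-0001", 1000)
    print(guard.verify(msg, 1001))   # first delivery
    print(guard.verify(msg, 1005))   # captured copy sent again
```

The timestamp check is what keeps the nonce cache bounded: nonces only need to be remembered for one window, because a copy replayed later fails the freshness test instead. The MAC is checked first and with `hmac.compare_digest`, so an attacker cannot learn anything from timing differences or from modifying a captured message.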

What is TCP/IP Hijacking attack?

 TCP/IP hacking is the process of taking control of an already existing session between a client and a server.

 The main benefit to an attacker of hijacking over attempting to enter a computer system or network is that the
attacker doesn’t have to evade any authentication mechanisms, since the user has already authenticated and
established the session.
 When the user has completed the authentication sequence, the attacker can then take over the session and carry on
as if the attacker, and not the user, had authenticated with the system.
 To prevent the user from noticing anything unusual, the attacker may decide to attack the user’s system and perform
a Denial-of-Service attack on it, so that the user and the system will not notice the extra traffic that is taking place.
 Generally hijacking attacks are used against web and telnet sessions. The hijacker needs to supply the correct
sequence number to continue the appropriated session.

What is Operating System Updates? Define Hotfix, Patch & Service Packs.

 Operating systems are large and complex mixtures of interconnected software modules written by many separate
individuals.

 As an operating system continually grows and introduces new functions, the potential for problems with that code
also increases.
 It is almost impossible for an operating system vendor to test their product on every possible platform under every
possible situation, so functionality and security issues surface after the operating system is released.
 What the standard user or system administrator sees is a constant stream of updates designed to correct problems,
replace sections of code, or even add new features to an installed operating system. Vendors typically follow the
hierarchy of software updates given below :
Hotfix

 Normally this term is given to a small software update designed to address a particular problem, like a buffer overflow
in an application that exposes the system to attacks.
 Hotfixes are typically developed in reaction to a discovered problem; they are produced and released rather quickly.
Patch
 This term is generally applied to a more formal, larger software update that may address several or many software
problems.
 Patches often contain improvements or additional capabilities as well as fixes for known bugs. Patches are usually
developed over a longer period of time.
Service pack

 Usually this term is given to a large collection of patches and hotfixes that are rolled into a single, rather large
package.
 Service packs are designed to bring a system up to the latest known good level all at once, rather than requiring the
user or system administrator to download several updates separately.
 Every operating system, from Linux to Windows, needs software updates, and every operating system has a different
method of helping users keep their system up-to-date. For example, Microsoft provides updates which need to be
downloaded from its web site.

Information Security

Define term Information -

Information is a resource fundamental to the success of any business. Information is a combination of the following
three parts.
1. Data : It is a collection of all types of information which can be stored and used as per requirement.
For example - personal data, medical information, accounting data etc.

2. Knowledge : It is based on data that is organized, synthesized or summarized, and it is carried by experienced
employees in the organization.

3. Action : It is used to pass the required information to a person who needs it, with the help of an information
system.
Information is an important asset and needs to be protected at all times.

What is Need and Importance of Information?

 In today’s world computers are essential for checking mail, bank transactions etc. So we need a system that
manages and serves the information/data to people when they need it.
 Information is an important part of every organization, because damage to information/data can cause disruptions
in the normal processes of the organization, such as financial loss.
 An information system includes hardware, software, data, applications etc. to manage information. Information is
one of the most valuable resources of an organization, so its management is crucial to making good business decisions.

Information System within Organization

 The main objective of an information system is to monitor and document the operations of other systems.
 An organization requires an information system strategic plan to :

o Discover the areas where information technology can be used.
o Communicate to management the need for and concerns about the use of IT.
o Reduce IT expenses.
o Use IT applications in strategic areas of the organization to improve services.
o Ensure integration and phase-wise implementation of IT efforts.
 Today, information technology is a key component of competitive strategy. Hence any multinational organization
should tightly link its information and communication flow requirements.

 To satisfy decision-making needs, the Information System (IS) should call for intensive and complex interaction
between different units in the organization.

Information Classification

 Generally organizations classify their information in order to provide information security.

 The main reason for classifying information is that not all data or information of an organization has the same level
of criticality. Some information or data may be important only for some people in the organization, like senior
management for strategic decisions.
 Some data like formulae, trade secrets, product information etc. are important because loss of such information
will harm the organization in many ways, like its goodwill, market position etc. Hence, classification of information
helps the organization decide the level of security.
 The main aim of the organization is to improve Confidentiality, Integrity and Availability (CIA) of information and to
reduce the risk related to information.
 Information classification is an important component in securing any trusted system, such as those in government
sectors. In such areas, information classification is very critical; it is used to prevent unauthorized access to the
system and to achieve confidentiality.
 Another reason for classification may be privacy laws and legislation or any other compliance requirement.
 Classification of information and information assets helps the organization to apply security policies and security
procedures for the protection of the information and assets that are most critical.
 Advantages of information classification are as follows :
o Information classification is a commitment by the organization to security protection.
o Information classification helps the organization identify which information is critical and more sensitive.
o Information classification supports CIA - Confidentiality, Integrity and Availability.
o Information classification helps the organization decide what type of protection is applied to which type of
information.
o Information classification fulfills the legal requirements of legal mandates, compliance and regulations.
 In an organization, classification should be based on the sensitivity of information to its loss and disclosure. It is
the job of the information owner to define the level of sensitivity of the information. This helps to properly
implement security controls based on the classification of information.

Criteria for Information Classification

 The information classification defines what kind of information is stored on a system. Based on that classification, the
information may need additional protections in place.
 The levels of information classification used in Government or Military are as follows :
1. Unclassified : Information is neither classified nor sensitive. Access to the information is public and will not affect
confidentiality. The information is low-impact, and hence it does not require any security.

2. Sensitive but unclassified : Information is less sensitive, and if it gets disclosed it will not create serious
damage to the organization.
3. Confidential : Unauthorized access to confidential information will cause damage or be prejudicial to
national security. This label is used for information which falls between Sensitive but Unclassified (SBU) and
Secret.
4. Secret : The Secret label should be applied to information where the unauthorized disclosure of such information
could cause serious damage to national security.
5. Top Secret : Top Secret shall be applied to information where the unauthorized disclosure of this type of
information could cause exceptionally grave damage to national security. This is the highest level of
classification.
 An organization should provide data/information to the concerned employees based on the “need-to-know”
criterion. Hence, the following classification can be used in many private or commercial organizations.
1. Public : It is similar to unclassified information. Information which does not fit into any other level can be given
public access, because disclosure of such information will not create a serious impact on the organization.
2. Sensitive : This type of information needs a higher level of classification than normal information. Such
information needs security for confidentiality as well as integrity.

3. Private : This type of information is personal in nature and used by the company only. The disclosure of such
information can affect the company and its employees. For example - medical information, salary information etc.
 Following are the criteria used to decide the classification of information.

1. Value : It is the most common criterion of information classification. When the information is valuable to the
organization, that information should be classified.
2. Age : Age states that the classification of information might be lowered if the information’s value decreases over
time. For example - documents are classified and then automatically declassified after a specific time period.

3. Useful Life : Useful Life states that if the information has been made out-of-date by new information or for any
other reason, then that information can regularly be declassified.
4. Personal Association : Information which is personally associated with particular individuals, or is addressed by a
privacy law, should be classified.
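The two ideas in this section, a ranked set of classification levels combined with need-to-know, and criteria such as Age and Useful Life that lower a classification over time, can be expressed as a small access-decision routine. The following is an added example written for these notes, not code from the original text; the government level names come from the list above, while the compartment tags, the document and subject records and the declassification periods are constructed assumptions.

```python
"""Access decision: clearance level + need-to-know, with declassification by age.

Added example, not from the original notes. Level names follow the
government scheme listed in the text; compartments (need-to-know tags),
the sample records and the declassification periods are constructed.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import FrozenSet, Optional

# Ranked from least to most sensitive, as in the text.
LEVELS = ["Unclassified", "Sensitive but Unclassified", "Confidential",
          "Secret", "Top Secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Document:
    title: str
    level: str
    classified_on: date
    declassify_after: Optional[timedelta] = None   # "Age" criterion
    compartments: FrozenSet[str] = frozenset()     # need-to-know tags
    superseded: bool = False                       # "Useful Life" criterion


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str
    compartments: FrozenSet[str] = frozenset()     # tags this person may see


def effective_level(doc: Document, today: date) -> str:
    """Apply the Age and Useful Life criteria to get today's classification.

    Simplification assumed here: an expired or superseded document drops
    straight to Unclassified; a real scheme may step it down gradually.
    """
    expired = (doc.declassify_after is not None
               and today - doc.classified_on >= doc.declassify_after)
    if expired or doc.superseded:
        return "Unclassified"
    return doc.level


def may_read(subject: Subject, doc: Document, today: date) -> bool:
    """True only if clearance dominates the level AND need-to-know holds."""
    level = effective_level(doc, today)
    if RANK[subject.clearance] < RANK[level]:
        return False                      # clearance too low ("no read up")
    if level == "Unclassified":
        return True                       # public information needs no tags
    return doc.compartments <= subject.compartments   # need-to-know


# Constructed sample records.
PAYROLL_PLAN = Document(
    title="Payroll migration plan",
    level="Secret",
    classified_on=date(2020, 1, 1),
    declassify_after=timedelta(days=365 * 10),
    compartments=frozenset({"payroll"}),
)
ALICE = Subject("alice", "Top Secret", frozenset({"payroll"}))
BOB = Subject("bob", "Top Secret")                 # cleared, but no need-to-know
CAROL = Subject("carol", "Confidential", frozenset({"payroll"}))


def decisions(today: date):
    """Return who may read PAYROLL_PLAN on a given day."""
    return {s.name: may_read(s, PAYROLL_PLAN, today) for s in (ALICE, BOB, CAROL)}


if __name__ == "__main__":
    print(decisions(date(2024, 6, 1)))   # only alice
    print(decisions(date(2031, 1, 1)))   # declassified by age: everyone
```

Note that a high clearance alone is not enough: Bob holds Top Secret but lacks the payroll tag, so the need-to-know test fails, which is exactly the distinction the text draws between a clearance level and the “need-to-know” criterion.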

Security

 Security is the method which makes access to information or a system more reliable.

 Security means protecting information or a system from unauthorized users such as attackers, who harm the system
or the network intentionally or unintentionally.
 Security is not only about protecting the system or network; it also allows authorized users to access the system or
network.
 For protecting any organization, the following multiple layers of security are important.

o Physical Security : It protects physical items/assets like hard disks, RAM, objects or areas from unauthorized
users.
o Personal Security : It protects the individual users or groups in the organization who are authorized to use its
operations and organization.
o Operational Security : It protects the details of particular operations/series of activities in the organization.
o Communication Security : It protects communication technology, media and the content of communication.
o Network Security : It protects networking components like routers, bridges, connections and contents etc.
o Information Security : It protects all informational assets. It comprises management information security,
computer and data security and network security.
Component of Information Security

 An organization should implement tools like policy, training and education to provide security to information and its
systems.

Need of Information Security

 Nowadays information security is an emerging field because of the wide use of computers in day-to-day life.

 Information security is not only related to computer systems or information; it should apply to all aspects of
safeguarding or protecting information or data in any form or media.
 It is very important to protect the system or network from unauthorized access or modification, such as insertion
or deletion of some part of the information.
 Security means the protection of information or data in any form from unauthorized use.
 For any organization, information security performs the following four important functions.

1. Protect the organization’s ability to function

 It is the responsibility of both IT management and general management to implement information security which
protects the organization’s ability to function.

 Information security is more a matter of management than of technology. For example - in a payroll system, it is
more a job of management than of mathematical computation.
 Policy and its implementation are more important in information security than the technology which implements it.

 So each organization interested in implementing information security must address security in terms of
business impact and the cost of business interruption, rather than focusing on security as a technical problem.

2. Enables safe operation of applications

 Nowadays many organizations purchase and operate integrated, efficient and capable applications.
 These applications are very important to the organization’s infrastructure, such as email, messaging
applications, OS platforms etc.

 Hence an organization needs to create an environment that will protect such applications running under the
organization’s IT system.
 Such applications can either be purchased or developed by the organization itself.

 Hence after setting up the infrastructure, it is the job of management to oversee it and hand over responsibility for
the entire infrastructure to the IT department of the organization.

3. Protects the data collected and used by the organization

 Data is the most important factor of any organization; without it the organization loses its records of transactions,
customers etc.
 Any organization like a government, business or educational institute depends on information systems to support
various transactions.
 Valuable data attracts attackers who steal or corrupt the data; hence the protection of data in motion or at rest
is important for information security.
 Therefore management should protect the integrity and value of the organization’s data by implementing effective
information security programs.

4. Safeguard the technological assets of an organization

 To work effectively, an organization should add secure infrastructure services.

 Small businesses can use an ISP and a personal encryption tool for email services, whereas large organizations can use
Public Key Infrastructure (PKI), which uses digital certificates to check the confidentiality of a transaction.
 Hence, as an organization grows, more robust and secure technologies are required to replace previous security
programs such as firewalls.

Basics Principles of Information Security

Information Security Goals

 These security goals are key requirements for security, and they are also known as the “Pillars of Information Security”.

 The onion skin is the ideal approach to security. It is a layered security mechanism, so the failure of any one security
control does not mean the asset is completely unprotected; this is called ‘defense-in-depth’.
 “Defense-in-depth” is the concept of protecting information assets and systems with a series of defensive
mechanisms in such a way that if one mechanism fails, another will already be in place to stop an attack.
 In information security, a system can be :

o A product or component like a motherboard, a protocol etc.
o An operating system,
o A communication system,
o Organization staff, structure, policies, procedures etc. as a collection,
o The Internet,
o An application system, e.g. a payroll system.
Layered Security
