UNIT 1

Network Security Threats Explained Computers have become an integral part of our life and network security threats are something that we usually fear and hear about often. Whether it is a personal computer or a computer being used in a huge corporate company, each computer needs to be protected from the computer network security threats. The moment we have a computer ready to be used, we also have it readily exposed to the network security threats such as various virus and bugs which can damage the functionality of the computer. In addition to these network security threats the personal information of the owner which might be stored in the computer is also at risk if the computer has not been protected from the hackers who are ever ready to steal that stored information from your computer. In order to protect our computers from the network security threats that it is exposed to, we need to first understand the different types of threats that exist, only then we will be able to safeguard our computer. The most common kind of network security threats that computers are exposed to, are the threat of Viruses. It is important to know that a virus is usually sent as a downloadable attachment which is in the form of an executable file. Once a person downloads a file and runs it, thats when the problem starts. The moment the executable file is run the computer gets affected by the network security threats and a virus has now been downloaded by the user.

The function of the virus is usually related to corrupting the files which are on the system; this could be the software related file or the actual hardware itself. There are certain viruses which are less harmful and affect only certain types of software which are on the computer. However there are many softwares which completely rash the hardware of the computer the moment that they are downloaded and executed. Such viruses are listed as the top most computer network security threats. Authenticity Charles Taylor has made a remarkable attempt to recover the moral ideal of authenticity as opposed to the debased form of authenticity, that leads to individualism.1 He points at the dialogical nature of authenticity, and finally, in another work,2 justifies the need for recognition. I want to show that the middle part of this chain of argument, dialogicality, if properly understood, cannot lead us to recognition in the sense Taylor ascribes to the latter. Authentication is the act of confirming the truth of an attribute of a datum or entity. This might involve confirming the identity of a person, tracing the origins of an artifact, ensuring that a product is what its packaging and labeling claims to be, or assuring that a computer program is a trusted one In art, antiques, and anthropology, a common problem is verifying that a person has the said identity or a given artifact was produced by a certain person, or was produced in a certain place or period of history. There are three types of techniques for doing this. The first type authentication is accepting proof of identity given by a credible person which has evidence on the said identity or on the originator and the object under assessment as his artifact respectively. The second type authentication is comparing the attributes of the object itself to what is known about objects of that origin. For example, an art expert might look for similarities in the style of painting, check the location and form of a signature, or compare the object to an old photograph. An archaeologist might use carbon dating to verify the age of an artifact, do a chemical analysis of the materials used, or compare the style of construction or decoration to other artifacts of similar origin.

Integrity is a concept of consistency of actions, values, methods, measures, principles, expectations, and outcomes. In ethics, integrity is regarded as the honesty and truthfulness oraccuracy of one's actions. Integrity can be regarded as the opposite of hypocrisy,[1] in that it regards internal consistency as a virtue, and suggests that parties holding apparently conflicting values should account for the discrepancy or alter their beliefs.

The word "integrity" stems from the Latin adjective integer (whole, complete).[2] In this context, integrity is the inner sense of "wholeness" deriving from qualities such as honesty and consistency of character. As such, one may judge that others "have integrity" to the extent that they act according to the values, beliefs and principles they claim to hold. Testing of integrity One can test a value system's integrity either: 1. subjectively, by human constructs of accountability and internal consistency, or 2. objectively, via the Scientific Method Integrity in Relation to Value Systems The actions of an entity (person or group) may be measured for consistency against that entity's espoused value system to determine integrity. This type of measurement is subjective because its measures rely on the values of the party doing the testing. Testing Integrity via the Scientific Method The Scientific Method assumes that a system with perfect integrity yields a singular extrapolation within its domain that one can test against observed results. Where the results of the test match the expectations of the scientific hypothesis, integrity exists between the cause and effect of the hypothesis by way of its methods and measures.

Confidentiality What is Confidentiality? Within the context of professional ethics, observing the principle of confidentiality means keeping information given by or about an individual in the course of a professional relationship secure and secret from others. This confidentiality is seen as central to the maintenance of trust between professional and service-user. The obligation to maintain confidentiality does not normally end with the individual's death. Confidentiality is owed equally to mature and immature minors, and adults who lack the capacity to make decisions for themselves. It also applies to fellow professionals and students studying to enter ones profession. It applies to all forms of transmission; verbal, written, digital, manual or hardcopy records, videos and illustrations etc. wherever they can be identified with a specific individual. Within research, the Governance arrangements for NHS Research Ethics Committees state that a favourable opinion from a Research Ethics Committee will only be given if include that they be adequately reassured about the Protection of research participants confidentiality. This includes: A description of an individuals who will have access to personal data of the research participants, including medical records and biological samples. The measures taken to ensure the confidentiality and security of personal information concerning research participants. The extent to which the information will be anonymised. How the data/samples will be obtained, and the purposes for which they will be used.

 How long the data/samples will be kept. To which countries, if any, the data/samples will be sent. The adequacy of the process for obtaining consent for the above1. Confidentiality is an ethical principle associated with several professions (e.g., medicine, law). In ethics, and (in some places) in law and alternative forms of legal resolution such asmediation, some types of communication between a person and one of these professionals are "privileged" and may not be discussed or divulged to third parties. Confidentiality has also been defined by the International Organization for Standardization (ISO) in ISO-17799 [1] as "ensuring that information is accessible only to those authorized to have access" and is one of the cornerstones of information security. Confidentiality is one of the design goals for many cryptosystems, made possible in practice by the techniques of modern cryptography. Confidentiality of information, enforced in an adaptation of the military's classic "need to know" principle, forms the cornerstone of information security in today's corporations. The so called 'confidentiality bubble' restricts information flows, with both positive and negative consequences.

Availability If one considers both reliability (probability that the item will not fail) and maintainability (the probability that the item is successfully restored after failure), then an additional metric is needed for the probability that the component/system is operational at a given time, t (i.e. has not failed or it has been restored after failure). This metric is availability. Availability is a performance criterion for repairable systems that accounts for both the reliability and maintainability properties of a component or system. It is defined as the probability that the system is operating properly when it is requested for use. That is, availability is the probability that a system is not failed or undergoing a repair action when it needs to be used. For example, if a lamp has a 99.9% availability, there will be one time out of a thousand that someone needs to use the lamp and finds out that the lamp is not operational either because the lamp is burned out or the lamp is in the process of being replaced. (Note: Availability is always associated with time, much like reliability and maintainability. As we will see in later sections, there are different availability classifications and for some of which, the definition depends on the time under consideration. Since no discussion about these classifications has been made yet, the time variable has been left out of this 99.9% availability statement.) This metric alone tells us nothing about how many times the lamp has been replaced. For all we know, the lamp may be replaced every day or it could have never been replaced at all. Other metrics are still important and needed, such as the lamp's reliability. The next table illustrates the relationship between reliability, maintainability and availability.

Availability Classifications The definition of availability is somewhat flexible and is largely based on what types of downtimes one chooses to consider in the analysis. As a result, there are a number of different classifications of availability, such as:

Instantaneous (or Point) Availability. Average Up-Time Availability (or Mean Availability). Steady State Availability. Inherent Availability. Achieved Availability. Operational Availability

Sources of Danger

For want of this knowledge, the lives of most of the people of the world are lived in mortal peril. There is no doubt that perilous times have come upon us. Just the other day I thought that it would be valuable to make an interesting list of a few of the sources of danger that are going in our present world. These include: The danger of nuclear warEven now, rogue nations around the worldnations such as Iraq and North Koreaare racing to develop nuclear capabilities, and with these weapons of mass destruction in the hands of a few madmen, the world will most assuredly face the prospect of nuclear war sometime in the future. How soon is anyone's guess, but the clock is ticking. Conventional warfareIn World War II, more people died in one day at Dresden, Germany than died in the nuclear blast in Hiroshima. War in our time turns into a massive and unspeakably cruel situation. Even our own beloved nation may be in an all-out war in the notto-distant future. Chemical and biological warfareThis is now touted as being a serious concern especially as smaller nations take to themselves chemical and biological war capabilities. Saddam Hussein has become a serious threat to the health and stability of the world due to his manufacture and stockpiling of these deadly agents. Radical revolutionWe get reports again and again of thousands dying in a nation in Africa or Asia because the leaders disagree with one another. Revolutionary war rarely accomplishes anything except to decrease the population.

There are several other kinds of war, but they amount to a horrible scene of mass murder and often the destruction of a nation. Global economic collapseLarge areas of the world are even now coming apart financially. Japan has been in economic recessionalmost depressionfor so many years that it is beginning to look as though it is a permanent condition. Even in the United States, the economy has been on the edge of recession for months. How soon before the entire world economy falls like a house of cards? Moral declineBig Brothers Big Sisters of America recently dropped a bombshell on those who defend the family and traditional Judeo-Christian values. A directive was issued from their national leadership mandating that all local chapters must allow homosexuals as youth mentors. Technical failureDespite all the carefulness, airplanes continue to drop into the Atlantic or Pacific Ocean or hit a mountainside somewhere; someone quite obviously neglected his responsibilities. Social violenceAt this present time, men and womeneven boys and girlsare running around the darkened streets of our cities with AK47 assault rifles. Many Americans have even lived in fear, recently, of becoming the victim of some random sniping incident. Youth criminalityEvil subcultures have developed in our world in which teenagers become bosses and order other young people around on pain of death. Again, the law seems helpless and impotent before this onslaught. These are just a few of the mounting evils in our society. Much more could be said about drug addiction, youth brutality and a hundred other violations of the moral law of the God of the universe Types of Computer Crimes Computer crimes are criminal activities, which involve the use of information technology to gain an illegal or an unauthorized access to a computer system with intent of damaging, deleting or altering computer data. Computer crimes also include the activities such as electronic frauds, misuse of devices, identity theft and data as well as system interference. Computer crimes may not necessarily involve damage to physical property. They rather include the manipulation of confidential data and critical information. Computer crimes involve activities of software theft, wherein the privacy of the users is hampered. These criminal activities involve the breach of human and information privacy, as also the theft and illegal alteration of system critical information. The different types of computer crimes have necessitated the introduction and use of newer and more effective security measures. Hacking: The activity of breaking into a computer system to gain an unauthorized access is known as hacking. The act of defeating the security capabilities of a computer system in order to obtain an illegal access to the information stored on the computer system is called hacking. The unauthorized revelation of passwords with intent to gain an unauthorized access to the private communication of an organization of a user is one of the widely known computer crimes. Another highly dangerous computer crime is the hacking of IP addresses in

order to transact with a false identity, thus remaining anonymous while carrying out the criminal activities. Phishing: Phishing is the act of attempting to acquire sensitive information like usernames, passwords and credit card details by disguising as a trustworthy source. Phishing is carried out through emails or by luring the users to enter personal information through fake websites. Criminals often use websites that have a look and feel of some popular website, which makes the users feel safe to enter their details there. Computer Viruses: Computer viruses are computer programs that can replicate themselves and harm the computer systems on a network without the knowledge of the system users. Viruses spread to other computers through network file system, through the network, Internet or by the means of removable devices like USB drives and CDs. Computer viruses are after all, forms of malicious codes written with an aim to harm a computer system and destroy information. Writing computer viruses is a criminal activity as virus infections can crash computer systems, thereby destroying great amounts of critical data. Cyberstalking: The use of communication technology, mainly the Internet, to torture other individuals is known as cyberstalking. False accusations, transmission of threats and damage to data and equipment fall under the class of cyberstalking activities. Cyberstalkers often target the users by means of chat rooms, online forums and social networking websites to gather user information and harass the users on the basis of the information gathered. Obscene emails, abusive phone calls and other such serious effects of cyberstalking have made it a type of computer crime. Identity Theft: This is one of the most serious frauds as it involves stealing money and obtaining other benefits through the use of a false identity. It is the act of pretending to be someone else by using someone else's identity as one's own. Financial identity theft involves the use of a false identity to obtain goods and services and a commercial identity theft is the using of someone elses business name or credit card details for commercial purposes. Identity cloning is the use of another user's information to pose as a false user. Illegal migration, terrorism and blackmail are often made possible by means of identity theft. The different types of computer crimes involve an illegal exploitation of the computer and communication technology for criminal activities. While the advancing technology has served as a boon to mankind, the destructively directed human intellects are all set to turn technology into a curse. However, crimes are sure to end, as it is truth that always triumphs! Scavenging Scavenging is the obtaining of information left around a computer system, in the computer room rubbish bins, etc. Bin diving (called 'Dumpster Diving' in the US) also involves obtaining sensitive information from an organisation's rubbish receptacles and bins. This also refers to scavenging from areas of hard disks that are not in use by files but are currently 'file slack' or 'unallocated clusters' Wiretapping Wiretapping is the preferred method of obtaining intelligence (for quality reasons), it involves tying into a wire or other conductor that is used for communications. This wire can be a telephone line, a PBX cable, a local area network, a CCTV video system, an alarm

system, or any other communications medium. The goal in a wiretapping is to secure high quality information, and to minimize the possibility of the eavesdropping being detected (remember radiated signals are easy to detect). Look inside of your "electrical or phone closet" at your office to see how easy it would be to plant a bug! Wiretaps are broken into four primary categories (Hardwired, Soft, Record, and Transmit). A Hardwired Wiretap, is when physical access is gained to a section of wire that the signal (i.e.: telephone line) travels on. A second set of wires is attached (normally through the use of an isolation or slave device), the signal is then bridged back to a secure location. This type of wiretap when discovered is fairly easy to trace back to the listening post. This type of wiretap is very popular with the police, but is usually outside the scope of most eavesdroppers. If the eavesdropper is using a "slave" or similar isolation device on a telephone the tap will be virtually impossible for anybody except a highly trained or properly equipped "bug sweep" professional to find (and there only around a dozen of these in the US). A Soft Wiretap, is a modification to the software used to run the phone system. This can be done at the telephone company, or in the case of a business, the PBX. A soft wiretap is a preferred method to tap a phone, easy to catch on a PBX, but tougher to find in the phone company's system. It is sometimes called a REMOBS (REMote OBServation), DATU, ESS, or translation tap. This type of tap is very popular with large law enforcement agencies, intelligence agencies, larger corporations, and with hackers who find it quite simple to gain access via maintenance software. This type of tap is actually very simple to find, but does require completely un-restricted access to the inner workings on the phone company's computers (which is very tough to obtain). A Recording Wiretap, is nothing more than a tape recorder wired into the phone line, very easy to find on a TSCM inspection. Similar to a hardwired wiretap, but the tapes must be changed on a regular basis. This is very, very popular with amateur spies, and private investigators, but they are very dangerous to use, and many eavesdroppers have been caught red-handed when they showed up to service their illicit recorder. Digital recorders are replacing tapes, but as with the tape recorder, someone has to retrieve the data. A Transmit Wiretap, is an RF transmitter (or "Bug") connected to a wire (often containing a microphone itself). This type of tap is very popular, however; the RF energy it produces radically increases the chance that it will be detected by a competent "Bug Sweeping" specialist (known in the business as a "TSCM Specialist" or Practitioner). Wiretaps are extremely difficult to detect (if properly installed), require a very high level of technical expertise, and a great deal of equipment to locate. It is virtually impossible to detect most wiretaps with any spy shop toy, bug detectors, and other such gizmo's. Instead the TSCM specialist has to use hundreds, and often thousands of pounds of highly sophisticated laboratory grade instruments, and perform hundreds of highly sensitive measurements.