1-2 W (CC-Sem-3 & 4) Introduction

Introduction, What is Computer Security and What to Learn?

Questions-Answers
Long Answer Type and Medium Answer Type Questions

Que 1.1. Explain briefly computer security. How will you design policies for information security within an organization?

Answer
1. Computer security is the protection of information systems from theft or damage to the hardware, software and to the information on them.
2. It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators.

We can design the policies for information security within an organization by providing:
1. Confidentiality: Only authorized users can access the data resources and information.
2. Integrity: Only authorized users should be able to modify the data when needed.
3. Availability: Data should be available to users when needed.
4. Authentication: Communicating with the authorized.

Que 1.2. Which components of the computer system need to be protected?

Answer
The components of a computer system that need to be protected are:
1. Hardware: The physical part of the computer, like the system memory and disk drive.
2. Firmware: Permanent software that is etched into a hardware device's non-volatile memory and is mostly invisible to the user.
3. Software: The programming that offers services, like operating system, word processor, internet browser, to the user.

Que 1.3. Discuss the goals of computer security system.

Computer System Security 1-3 W (CC-Sem-3 & 4)

… collecting confidential information) and dumpster … information so as to gain unauthorized access.
Operating system: The system must protect itself from accidental or purposeful security breaches.
… could be just as harmful as breaking …
Network should be properly secured against such attacks.

Que 1.4. How can an organization protect its computer system hardware?
Answer
Five steps to protect computer system hardware are:
1. Install firewall:
a. A firewall enacts the role of a security guard.
b. A firewall is the first step to provide security to the computer. It creates a barrier between the computer and any unauthorized program trying to come in through the Internet.
2. Install antivirus software:
a. Antivirus is a software that helps to protect the computer from any unauthorized code or software that creates a threat to the system.
b. Unauthorized software includes viruses, keyloggers, Trojans, etc.
…
c. It scans all the incoming information and helps in blocking the …

…
2. Protection against data from theft.
3. Protects the computer from being hacked.

…
1. Firewalls can be difficult to …
2. Makes the system slower.
3. Need to keep updating the … software in order to keep up …
4. … average user, … computer system.

Que. … mechanisms used to provide security in computer system …

1. Encipherment:
a. Encipherment is an algorithm used for performing … by converting information from plaintext to ciphertext.
b. Cryptography and steganography are used for enciphering.
…
b. Public and private keys can be used.
4. Authentication exchange: In authentication exchange, two entities exchange some messages to prove their identity …
5. Traffic padding: Traffic … the data traffic to prev…
7. Routing control: Routing control means selecting and continuously … available routes between sender and receiver.
… a trusted third party to store the sender … prevent the sender from later denying that they …

…
2. Passwords: Strong passwords … are trying to force their way into your network.
3. Mobile devices:
a. Many companies have Bring Your Own Devices (BYOD) policies to manage and track the mobile devices brought in by employees.
b. These policies set expectations for which devices employees can use, the security these devices require, and how the data on these devices will be managed.
4. Internet use:
a. … can put our organization at a higher security risk.
b. To prevent this risk, write clear policies that define how employees … the internet, what types of content should be avoided, and … should be used to do so.

PART-2
Sample Attacks, The Marketplace for Vulnerabilities, Error 404 Hacking Digital India Part 1 Chase.

Questions-Answers
Long Answer Type and Medium Answer Type Questions

Que. … various attacks in computer security.

Answer
Various attacks in computer security:
1. Malware:
a. Malware is … used to describe malicious software, including spyware, ransomware, viruses and worms.
b. … a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that then installs …
2. Macro viruses:
a. These viruses infect applications such as Microsoft Word or …
… record infectors: … record virus attaches to the master boot record on hard … is started, it will look at the boot sector … memory, where it can propagate to other disks …
10. Ransomware: Ransomware is a … the victim's data and threatens to publish or del… paid.
…
b. A dropper can also connect to the … virus software that is residen…
11. Denial of service attack:
a. A denial of service attack floods systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests.
b. … use multiple compromised devices to launch this attack. … known as a Distributed Denial of Service (DDoS) attack.

Que. Write short note on server-side attack and insider attack.

…
7. Evidence suggests that these … choice and should be the focus of … reforms.

Que. How can we defend zero-day vulnerabilities?

Answer
1. A zero-day vulnerability is a computer software … or unaddressed … vulnerabi… zero-day exploit, or zero-day …
4. The term 'zero-day' referred to the number of days since a new piece of software was released to the public. So, zero-day software was … release.
… The term was applied to the vulnerabilities that allowed this hacking, and to the number of days that the vendor has had to fix them, create patches or advise workarounds to mitigate it.
… The more recently that the vendor has become aware of the vulnerability, the more likely that no fix or mitigation has been developed.
… Even after a fix is developed, the fewer the days, the higher the probability that an attack against the afflicted software will be successful, because … update that h… a user has applied a vendor-supplied patch that … is zero, so the exploit would remain available. Zero-day attacks are a severe threat.

Que. Discuss error 404 hacking digital India part 1 chase.

Answer
1. In error 404 hacking digital India part 1 chase, the cyber crime and cyber attacks hack the information of … like bank detail and personal information.
… attacker or hacker creates an attra… and plays that video … of buffering, hacker … can know our current loc… but also have complete access to our contacts, text mes…, Facebook, Whatsapp and most importantly our bank details, including our CVV number.
… creating a kind of Trojan file, and android apk files … distributed all over the internet.
… common in error 404 hacking.
… -server computer program which … and web technology to … and retrieve data to/from …
… there is a flaw in the web applic…

Que. Discuss … control hijacking in computer …

Answer
… Hijacking …: Takes over target machine (for example web server). Execute arbitrary code on target by hijacking application control …
There are three types of control hijacking in computer security: …

Que. What is control hijacking with an example? Explain the term of buffer overflow in control hijacking. [… Marks 10]

Answer
Control hijacking: Refer Que. …, Page 1-15W, Unit-1.
Buffer overflow in Control Hijacking:
1. Buffers are memory storage regions that temporarily hold data while it is being transferred from one location to another.
2. A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer.
3. … the program attempting to write the data to the buffer overwrites adjacent memory locations.
4. Attackers exploit buffer overflow issues … an application. This changes the execution path of the program, … a response that damages files or exposes private information.

Que. … the types of buffer overflow attacks.

a. Stack-based buffer overflows: These … stack memory that only … of a function.
b. Heap-based attacks: These are harder to carry out … for a program beyond … operations.

Que. How to prevent buffer overflow attack?

Answer
Buffer overflow attack can be prevented using:
1. Address Space Randomization (ASLR):
a. It randomly moves around the address space locations of regions.
b. Buffer overflow attacks need to know the locality of executable code, and randomizing address spaces makes this virtually impossible.
2. Data execution prevention: …
3. Structured Exception Handler Overwrite Protection (SEHOP):
a. It helps to stop malicious code from attacking Structured Exception Handling (SEH), a built-in system for managing hardware and …
b. … based buffer overflow to overwrite an exception registration record stored on a thread's stack.

Que. Explain integer overflow attack.
Answer
1. An integer overflow attack occurs when an attacker causes a value in the program to be large enough to overflow unexpectedly.
2. A common form of this attack is to cause a buffer to be allocated that is too small to hold data copied into it later, thus enabling a buffer overflow.
3. We are able to detect buffer overflow attacks in the same way as a normal buffer overflow attack.
An integer overflow is the condition that occurs when the result of an operation, such as multiplication or addition, exceeds the maximum size of the integer type used to store it.
… have wrapped around the maximum …

Que. How can we prevent integer overflow attack?

Answer
Integer overflow can be prevented by:
1. Avoidance: … and formal verification techniques can be used … that overflow does not occur.
2. … that overflow may occur, then tests can be inserted … to detect when it happens and do other processing.
3. … be assigned a special value …

Que. … hijacking attack?

Answer
… attack is controlled through:
1. … in safe language.
2. … but prevent code execution.
3. … to detect overflow exploits: … when overflow exploit detected.
… non-execute: … attack code execution by marking stack and heap as non-executable.
… for stack integrity: … "canaries" in stack frames and verify their integrity … return.
There are two types of canaries:
… chosen at program startup.

Que. … heap spray attack with … techniques?

Answer
1. Heap spraying is a technique used in exploits … arbitrary code …
2. … attack, we put a number of copies of exp… in a heap …
3. … used for exploiting heap overflows as shown …
[Fig.: Object O, Object T]
Techniques used in …:
… next object O …
… JavaScript allocations and frees make heap …
… method … JavaScript and cause overflow.
ii. Successfully used against a Safari PCRE overflow.

Heap spray control hijacking can be prevented as:
a. … a separate heap from browser heap.

After overflow of buf (buffer) … Here, attacker does not know where browser places shell code on the heap.
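
The integer overflow answers above describe a size calculation that wraps so that a buffer is allocated too small, and the remedy of inserting a test that detects the overflow. The C code below is an added example, not part of the original notes; the function names, the 32-bit size model and the sample count are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size computed without a test: the 32-bit product wraps modulo 2^32,
 * so a huge count yields a tiny allocation size. */
static uint32_t unchecked_size(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

/* Inserted test: returns 0 and stores the product, or -1 when
 * count * elem_size cannot be represented in 32 bits. */
static int checked_size(uint32_t count, uint32_t elem_size, uint32_t *out) {
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Hypothetical helper: copy `count` records of `elem_size` bytes.
 * Returns NULL when the size test detects overflow or malloc fails. */
static void *copy_records(const void *src, uint32_t count, uint32_t elem_size) {
    uint32_t bytes;
    if (checked_size(count, elem_size, &bytes) != 0)
        return NULL;               /* overflow detected: refuse the request */
    void *dst = malloc(bytes ? bytes : 1);
    if (dst != NULL && bytes != 0)
        memcpy(dst, src, bytes);
    return dst;
}

int main(void) {
    uint32_t count = 0x40000001u;  /* constructed oversized count */
    uint32_t bytes = 0;
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_size(count, 4));
    printf("checked size:   %s\n",
           checked_size(count, 4, &bytes) ? "overflow rejected" : "ok");
    printf("copy_records:   %s\n",
           copy_records("x", count, 4) ? "copied" : "refused");
    return 0;
}
```

The division-based test runs before the multiplication, so the wrapped value is never used as an allocation size.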
