
Chapter – 1

Introduction To Security Concepts
Overview
• Computers today are used not only in the home and office, but in countless crucial and sensitive applications.
• We rely on computers in our day-to-day lives!
• Computers are easily disrupted
◦ Accidentally spilling a cup of coffee on your computer.
◦ A power loss lasting a fraction of a second may cause a head crash of the hard disk.

2
Overview
Definitions
• Security: “the quality or state of being free from danger” or “measures taken to guard against espionage, sabotage, crime, attack, or escape.”
• Computer Security: The prevention and protection of computers from unauthorized access, use, alteration, degradation, destruction, and other threats.

3
Overview

• Attack/threat: any activity that aims to gain access to computers for malicious purposes.
• Vulnerability/security hole: a state that can be exploited for such an attack.
• Privacy: The right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information.
4
Overview

 Assets
◦ Things we might want to protect:
 Hardware
 Software
 Data

5
Network Protocol & Security
 Network protocols are a set of rules and
conventions that govern how data is
transmitted and received over a network.
 These protocols define:
◦ format of data packets,
◦ error handling,
◦ addressing, and other aspects of network
communication.

6
TCP/IP Protocol Suite
• The TCP/IP protocol suite is the foundation of modern networking. It consists of several layers, each with its own set of protocols.

1. Application Layer: includes protocols like HTTP, FTP, SMTP, and DNS. It deals with application-level data and user interactions.
2. Transport Layer: responsible for end-to-end communication. It includes TCP for reliable, connection-oriented communication and UDP for connectionless communication.
3. Internet Layer: primarily governed by IP. It is responsible for routing and addressing data packets to their destination across networks.
4. Link Layer: includes protocols for the physical and data link layers of network communication. Ethernet and Wi-Fi are examples of link layer technologies.

7
Cont…
 TCP/IP communication involves data
encapsulation, where data is wrapped in
various headers and trailers as it moves
down the protocol stack and is
unwrapped as it moves up. Each layer adds
its own header, addressing information,
and control data.

8
Cont…
 Physical Layer Attack: Wiretapping or
eavesdropping on physical communication
channels.
◦ Countermeasure: Use secure physical cabling and
encryption technologies, like VPNs or TLS/SSL for
higher-layer data protection.
 Data Link Layer Attack: MAC address
spoofing, ARP poisoning, or VLAN hopping.
◦ Countermeasure: Implement port security, use
MAC address filtering, employ ARP inspection,
and configure VLAN ACLs (Access Control Lists).

9
Cont…
 Network Layer (IP Layer) Attack: IP spoofing,
DDoS attacks, or routing attacks.
◦ Countermeasure: Implement packet filtering, use
Access Control Lists (ACLs), and deploy intrusion
detection and prevention systems (IDPS) to
mitigate DDoS attacks.
 Transport Layer Attack: Man-in-the-Middle
(MitM) attacks, session hijacking, and SYN
flooding.
◦ Countermeasure: Use Transport Layer Security
(TLS) for encryption, employ firewalls and
intrusion detection systems, and implement
SYN/ACK cookies to prevent SYN flooding.

10
Cont…
 Application Layer Attack: SQL injection,
Cross-Site Scripting (XSS), and Cross-Site
Request Forgery (CSRF).
◦ Countermeasure: Input validation, output
encoding, and parameterized queries to
mitigate SQL injection; implement security
headers and input validation to prevent XSS
and CSRF attacks.

11
History
• Until the 1960s, computer security was limited to physical protection of computers.
• In the late 1960s and 1970s
◦ Evolutions
▪ Computers became interactive
▪ Multiuser/multiprogramming and networking were invented
▪ More and more data started to be stored in computer databases
◦ Organizations and individuals started to worry about
▪ What the other persons using computers are doing to their data
▪ What is happening to their private data stored in large databases
◦ Remote access to data became possible, opening up new possibilities for abuse.

12
History
• Computer security was almost non-existent before the 1980s (besides physical protection).
• In the 1980s and 1990s
◦ Evolution
▪ Personal computers were popularized
▪ LANs and the Internet invaded the world
▪ Applications such as E-commerce, E-government and E-health started to develop
▪ Viruses became major threats
◦ Organizations/individuals started to worry about
▪ Who has access to their computers and data
▪ Whether they can trust a mail, a website, etc.
▪ Whether their privacy is protected in the connected world

13
History

• In the 2000s
◦ Computers became smaller
◦ Computers became parts of our life
◦ Security became a global concern.
• In the past, computer security violations, such as viruses, were caused by hackers (young adults who did this for fun).
• Today, attacks on computers are planned and funded by organized criminals and may be devastating.
14
History: Famous security problems

• Morris worm – Internet Worm
◦ On November 2, 1988, a worm attacked more than 60,000 computers around the USA
◦ Robert Morris became the first person to be charged under the Computer Fraud and Abuse Act of 1986
◦ He was sentenced to three years of probation, 400 hours of community service and a fine of some $10,000
◦ He is currently an associate professor at the Massachusetts Institute of Technology
15
History: Famous security problems…
• NASA shutdown
◦ In 1990, an Australian computer science student was charged with shutting down NASA’s computer system for 24 hours
• Airline computers
◦ In 1998, a major travel agency discovered that someone had penetrated its ticketing system and printed airline tickets illegally
• Bank theft
◦ In 1984, a bank manager was able to steal $25 million through un-audited computer transactions

16
History: Famous security problems…

• In 2010, WikiLeaks began releasing classified cables that had been sent to the U.S. State Department by 274 of its consulates, embassies, and diplomatic missions around the world.
◦ The cables are dated between December 1966 and February 2010.
◦ The cables contain diplomatic analysis from world leaders, and the diplomats' assessment of host countries and their officials.

17
Activity

• Why does the problem of computer security exist?
• Why are computers so vulnerable to attacks and so easy to damage?

18
Limitations
• Lack of intelligence (computers can’t think)
• It is easier to break computer security than to build fully secured computers.
◦ Only one weakness is enough to launch an attack
• Operating systems: different levels between hardware and GUI (where malicious software can hide).
◦ “Easy to use, easy to misuse!”
• Internet and its protocols: important Internet protocols were developed in the 1970s and 1980s, before Internet security became a global concern.

19
Basic concepts

• Key objectives that are at the heart of computer security (C-I-A):
• Confidentiality: Data is confidential if it stays obscure to all but those authorized to use it.
• Integrity: Data has integrity as long as it remains identical to its state when the last authorized user finished with it.
• Availability: Data is available when it is accessible by authorized users in a convenient format and within a reasonable time.
20
Basic concepts…
 A computing system is said to be secure if
it has all three properties:
◦ Confidentiality
 Access to systems or data is limited to authorized
parties
◦ Integrity
 When you ask for data, you get the “right” data
◦ Availability
 The system or data is there when you want it

21
Basic concepts…
Supplements to CIA:
 Authentication
◦ How do I know it's really you?
 Authorization
◦ Now that you are here, what are you allowed to
do?
 Accountability
◦ Who did what, and, perhaps, who pays the bill?

22
Basic concepts…
 Privacy
◦ “informational self-determination”
◦ This means that you get to control
information about you
◦ “Control” means many things:
 Who gets to see it
 Who gets to use it
 What they can use it for
 Who they can give it to

23
Basic concepts…
Vulnerabilities, threats & countermeasures

• A vulnerability is a point where a system is susceptible to attack.
• A threat is a possible danger to the system. It might be
◦ a person (cracker or a spy),
◦ a thing (a faulty piece of equipment),
◦ an event (a fire or a flood) that might exploit a vulnerability of the system.
• Countermeasures are techniques for protecting your system.
24
Vulnerabilities

• Physical vulnerabilities
◦ Breaking into your server room, device theft, stealing backup media and printouts
◦ Locks, guards, surveillance cameras, burglar alarms
• Natural vulnerabilities
◦ Systems are vulnerable to natural disasters, environmental threats, and power loss
◦ Natural disasters: fire, flood, earthquakes, lightning
◦ Environmental threats: dust, humidity, and uneven temperature conditions
◦ Air conditioning and heating systems, UPS, backups
25
Vulnerabilities…

• Hardware and software vulnerabilities
◦ Failure of protection features opens security holes
◦ Some "locked" systems can be opened by introducing extra hardware
◦ Software failures: antivirus, firewall failures
• Media vulnerabilities
◦ Media can be stolen, or damaged by dust or electromagnetic fields.
◦ Keep backup tapes and removable disks clean and dry
26
Vulnerabilities…

Communication vulnerabilities
◦ Wires can be tapped, physically damaged, EMI
◦ Fiber optics
Human vulnerabilities
◦ the greatest vulnerability of all
◦ Employees, contractors
◦ Choose employees carefully

27
Threats
 Threats fall into three main categories based
on the source: natural, unintentional, and
intentional.
 Natural: fires, floods, power failures, and other
disasters
◦ fire alarms, temperature gauges, and surge
protectors
◦ backing up critical data off-site.
 Unintentional threats: delete a file, change
of security passwords
◦ Training , security procedures and policies

28
Threats…
• Intentional threats: outsiders and insiders
• Outsiders may penetrate systems in a variety of ways:
◦ simple break-ins of buildings and computer rooms;
◦ disguised entry as maintenance personnel;
◦ anonymous, electronic entry through modems and network connections;
◦ and bribery or coercion of inside personnel.
• Although most security mechanisms protect best against outside intruders, surveys indicate that most attacks are by insiders.
29
Threats…
• Estimates are that as many as 80 percent of system penetrations are by fully authorized users who abuse their access privileges to perform unauthorized functions.
◦ “The enemy is already in, we hired them.”
• Insiders are sometimes referred to as living Trojan horses
• There are a number of different types of insiders.
◦ A fired or disgruntled employee might be trying to seek revenge; an employee might have been blackmailed or bribed by foreign or corporate enemy agents.
30
Threats…

◦ A greedy employee might use her inside knowledge to divert corporate or customer funds for personal benefit.
◦ An insider might be an operator, a systems programmer, or even a casual user who is willing to share a password.
• Don't forget, one of the most dangerous insiders may simply be lazy or untrained.
◦ He doesn't bother changing passwords,
◦ doesn't learn how to encrypt email messages and other files,
◦ leaves sensitive printouts in piles on desks and floors, and ignores the paper shredder when disposing of documents.
31
Security Attacks

• Any action that compromises the security of information owned by an organization.
• Classification of security attacks
◦ passive attacks and active attacks.
• A passive attack attempts to learn or make use of information from the system but does not affect system resources.
• An active attack attempts to alter system resources or affect their operation.
32
Security attacks

[Figure: normal flow of information compared with four attack types: interruption, interception, modification, fabrication]

33
Countermeasures

• Authentication
◦ Passwords, cards, biometrics
• Encryption
• Auditing
• Administrative procedures
• Standards
• Physical security
• Laws
• Backups

34
 Control
◦ Removing or reducing a vulnerability
◦ You control a vulnerability to prevent an
attack and block a threat.

35
Security services
 AUTHENTICATION
◦ The assurance that the communicating entity is the
one that it claims to be
 ACCESS CONTROL
◦ The prevention of unauthorized use of a resource
(i.e., this service controls who can have access to a
resource, under what conditions access can occur,
and what those accessing the resource are allowed
to do).
 DATA CONFIDENTIALITY
◦ The protection of data from unauthorized
disclosure.
36
Security services…
 DATA INTEGRITY
◦ The assurance that data received are exactly
as sent by an authorized entity (i.e., contain
no modification, insertion, deletion, or replay).
 NONREPUDIATION
◦ Provides protection against denial by one of
the entities involved in a communication of
having participated in all or part of the
communication.

37
Goals of security
• Prevention: means that an attack will fail.
◦ E.g., passwords (prevent unauthorized users from accessing the system).
• Detection: is most useful when an attack cannot be prevented, but it can also indicate the effectiveness of preventative measures.
◦ Detection mechanisms accept that an attack will occur;
◦ they determine that an attack is underway, or has occurred, and report it.
◦ The attack may be monitored, however, to provide data about its nature, severity, and results.

38
Goals…

• Recovery: requires resumption of correct operation.
◦ It has two forms.
• The first is to stop an attack and to assess and repair any damage caused by that attack.
◦ E.g., if the attacker deletes a file, recovery restores the file from backup tapes.
◦ The attacker may return, so recovery involves identification and fixing of the vulnerabilities used by the attacker to enter the system
39
Goals
 In a second form of recovery, the system
continues to function correctly while an attack
is underway.
◦ fault tolerance.
 It differs from the first form of recovery,
because at no point does the system function
incorrectly. However, the system may disable
nonessential functionality.

40
Malicious Software
What is Malicious Software
➢ Software deliberately designed to harm
computer systems.
➢ Malicious software program causes
undesired actions in information systems.
➢ Spreads from one system to another
through:
E-mail (through attachments)
Infected disks
Downloading / Exchanging of corrupted files
Embedded into computer games

42
Malicious Software - Categories

[Figure: tree of malicious software categories. Top level: Viruses, Rabbit, Hoaxes, Trojan Horse, Spyware, Trapdoor, Worms. Second level: Boot Viruses, File Viruses, Time Bomb, Logic Bomb]

43
Types of Malicious Software
• Virus: a program that spreads to other software in the system, i.e., a program that incorporates copies of itself into other programs
• Viruses are programs that spread malicious code to other programs by modifying them

Two major categories of viruses:

1. Boot sector virus: infects the boot sector of systems; activates while booting the machine.
2. File virus: infects program files; activates when the program is run.

44
 Rabbit : This malicious software
replicates itself without limits. Depletes
some or all the system’s resources.

❑ Re-attacks the infected systems – difficult recovery.

❑ Exhausts all the system’s resources such as CPU time, memory, disk space.

❑ Depletion of resources thus denying user access to those resources.

45
 Hoaxes : False alerts of spreading viruses.
❑ e.g., sending chain letters.

❑ The message seems important to the recipient, who forwards it to other users – it becomes a chain.

❑ Exchanging a large number of messages (in a chain) floods the network resources – bandwidth wastage.

❑ Blocks the systems on the network – access denied due to heavy network traffic.

46
 Trojan Horse : This is a malicious
program with unexpected additional
functionality. It includes harmful features
of which the user is not aware.

❑ Performs a different function than advertised (some malicious action, e.g., stealing passwords).
❑ Neither self-replicating nor self-
propagating.
❑ User assistance required for infection.
❑ Infects when user installs and executes
infected programs.
❑ Some types of trojan horses include Remote
Access Trojans (RAT), KeyLoggers,
Password-Stealers (PSW), and logic bombs.
47
❑ Transmitting medium :
1. spam or e-mail
2. a downloaded file
3. a disk from untrusted source
4. a legitimate program with the Trojan
inside.

❑ A Trojan looks for your personal information and sends it to the Trojan writer (hacker). It can also allow the hacker to take full control of your system.

48
 Spyware : is unwanted software that infiltrates
your computing device, stealing your internet
usage data and sensitive information.
❑ Spyware programs explore the files in an
information system.
❑ Information forwarded to an address specified in
Spyware.
❑ Spyware can also be used for investigation of
software users or preparation of an attack.

49
 Trapdoor : Secret undocumented entry point to
the program.
❑ An example of such a feature is the so-called back door, which enables intrusion into the target by bypassing user authentication methods.
❑ A hole in the security of a system deliberately
left in place by designers or maintainers.
❑ Trapdoor allows unauthorized access to the
system.
❑ Only purpose of a trap door is to "bypass"
internal controls. It is up to the attacker to
determine how this circumvention of control can
be utilized for his benefit.

50
 Worms :
❑ program that spreads copies of itself through a
network.
❑ Does irrecoverable damage to the computer
system.
❑ Stand-alone program, spreads only through
network.
❑ Also performs various malicious activities other
than spreading itself to different systems e.g.,
deleting files.
❑ Attacks of Worms:
1. Deleting files and other malicious actions on
systems.
2. Communicate information back to attacker e.g.,
passwords, other proprietary information.
3. Disrupt normal operation of system, thus denial
of service attack (DoS)
4. Worms may carry viruses with them.

51
Means of spreading Infection by Worms :

• Infecting one system, gaining access to the trusted host lists on the infected system, and spreading to other hosts.

• Penetrating a system by guessing passwords.

• Exploiting widely known security holes, in case password guessing and trusted host access fail.
52
VIRUSES – More Description

Desirable properties of Viruses :


✓ Virus program should be hard to detect by
anti-virus software.
✓ Viruses should be hard to destroy or
deactivate.
✓ Spread infection widely.
✓ Should be easy to create.
✓ Be able to re-infect.
✓ Should be machine / platform independent,
so that it can spread on different hosts.

53
Detecting virus infected files/programs :

❖Virus infected file changes – gets bigger.

❖Modification detection by checksum
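
Modification detection by checksum, as an added example that is not part of the original slides: a baseline of file sizes and SHA-256 digests is recorded while the files are known to be clean and compared later. The file names and contents are constructed, and SHA-256 is an assumed choice of checksum.

```python
import hashlib
import os
import tempfile


def fingerprint(path):
    """Return (size in bytes, SHA-256 hex digest) of a file."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return os.path.getsize(path), digest.hexdigest()


def take_baseline(paths):
    """Record fingerprints while the files are known to be clean."""
    return {path: fingerprint(path) for path in paths}


def check(baseline):
    """Compare current files with the baseline and classify each one."""
    report = {}
    for path, (old_size, old_digest) in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
            continue
        size, digest = fingerprint(path)
        if digest == old_digest:
            report[path] = "unchanged"
        elif size != old_size:
            report[path] = "modified, size changed"
        else:
            # A size comparison alone would not notice this case.
            report[path] = "modified, same size"
    return report


def demo():
    """Constructed scenario: three files, two altered after the baseline."""
    contents = {
        "app.bin": b"ORIGINAL-CODE-0001",
        "tool.bin": b"ORIGINAL-CODE-0002",
        "lib.bin": b"ORIGINAL-CODE-0003",
    }
    with tempfile.TemporaryDirectory() as folder:
        paths = {}
        for name, data in contents.items():
            paths[name] = os.path.join(folder, name)
            with open(paths[name], "wb") as f:
                f.write(data)
        baseline = take_baseline(paths.values())
        with open(paths["app.bin"], "ab") as f:   # bytes appended: file grows
            f.write(b"EXTRA-BYTES")
        with open(paths["tool.bin"], "wb") as f:  # overwritten, same length
            f.write(b"REPLACED-CODE-0002")
        report = check(baseline)
        return {name: report[path] for name, path in paths.items()}


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:10s} {status}")
```

The baseline has to be stored where an infected system cannot rewrite it, for example on read-only or off-host media.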

54
Places where viruses live :

▪ Boot sector
▪ Memory
▪ Disk – Applications and data stored on
disk.
▪ Libraries – stored procedures and classes.
▪ Compiler
▪ Debugger
▪ Virus checking program infected by virus –
unable to detect that particular virus
signature.

55
Effect of Virus attack on computer system

➢ Virus may affect user’s data in memory – overwriting.

➢ Virus may affect user’s program – overwriting.

➢ Virus may also overwrite system’s data or programs – corrupting it – disrupts normal operation of system.

➢ “Smashing the Stack” – buffer overflow in which program execution is directed to virus code.

56
Preventing infection by malicious software :

✓ Use only trusted software, not pirated software.
✓ Test all new software on an isolated computer system.
✓ Regularly take backups of the programs.
✓ Use anti-virus software to detect and remove viruses.
✓ Update the virus database frequently to get new virus signatures.
✓ Install firewall software, which hampers or prevents the functionality of worms and Trojan horses.
✓ Make sure that e-mail attachments are secure.

57
Questions?
Assignment 1: Virus writing
 Study malicious program (virus) writing tutorials and
create a simple malicious (virus) program that
doesn’t spread but infects a particular file of your
choice.
 Then write an antivirus program that detects your
malicious (virus) program.
 You can use either java or python programming.

59
Authentication

60
Who Goes There?
 How to authenticate a human to a machine?
 Can be based on…
◦ Something you know
 For example, a password
◦ Something you have
 For example, a smartcard
◦ Something you are
 For example, your fingerprint

61
Something You Know
 Passwords
 Lots of things act as passwords!
◦ PIN
◦ Social security number
◦ Date of birth
◦ Name of your pet, etc.

62
Why Passwords?
 Why is “something you know” more
popular than “something you have” and
“something you are”?
 Cost: passwords are free
 Convenience: easier for SA to reset
pwd than to issue user a new thumb

63
Good and Bad Passwords
• Bad passwords
◦ frank
◦ Fido
◦ password
◦ 4444
◦ Pikachu
◦ 102560
◦ AustinStamp
• Good Passwords?
◦ jfIej,43j-EmmL+y
◦ 09864376537263
◦ P0kem0N
◦ FSa7Yago
◦ 0nceuP0nAt1m8
◦ PokeGCTall150

64
Password Experiment
 Three groups of users ⎯ each group advised to
select passwords as follows
◦ Group A: At least 6 chars, 1 non-letter
◦ Group B: Password based on passphrase
◦ Group C: 8 random characters
 Results
◦ Group A: About 30% of pwds easy to crack
◦ Group B: About 10% cracked
 Passwords easy to remember
◦ Group C: About 10% cracked
 Passwords hard to remember

65
Password Experiment
 User compliance hard to achieve
 In each case, 1/3rd did not comply (and about
1/3rd of those easy to crack!)
 Assigned passwords sometimes best
 If passwords not assigned, best advice is
◦ Choose passwords based on passphrase
◦ Use pwd cracking tool to test for weak pwds
◦ Require periodic password changes?

66
Attacks on Passwords
 Attacker could…
◦ Target one particular account
◦ Target any account on system
◦ Target any account on any system
◦ Attempt denial of service (DoS) attack
 Common attack path
◦ Outsider → normal user → administrator
◦ May only require one weak password!

67
Password Retry
 Suppose system locks after 3 bad
passwords. How long should it lock?
◦ 5 seconds
◦ 5 minutes
◦ Until SA restores service
 What are +’s and -’s of each?

68
Dictionary Attack
 Attacker pre-computes h(x) for all x in a
dictionary of common passwords
 Suppose attacker gets access to password file
containing hashed passwords
◦ Attacker only needs to compare hashes to his pre-
computed dictionary
◦ Same attack will work each time
 Can we prevent this attack? Or at least make
attacker’s job more difficult?
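
One answer to the question above is a per-user salt combined with a slow key-derivation function. The following added example (not part of the original slides) audits a constructed password file in both forms; SHA-256 as h(x), PBKDF2 with 100,000 iterations and the sample accounts are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: the word list reuses "bad passwords" from this deck.
DICTIONARY = ["frank", "Fido", "password", "4444", "Pikachu", "102560"]
USERS = {"alice": "password", "bob": "password", "carol": "jfIej,43j-EmmL+y"}
ITERATIONS = 100_000  # assumed work factor for the example


def h(password):
    """Plain, unsalted hash h(x)."""
    return hashlib.sha256(password.encode()).hexdigest()


def precompute(words):
    """One-time table h(x) -> x; it works against every unsalted file."""
    return {h(word): word for word in words}


def make_unsalted_file(users):
    return {name: h(password) for name, password in users.items()}


def make_salted_file(users):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    records = {}
    for name, password in users.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        records[name] = (salt, digest)
    return records


def verify(records, name, password):
    """Login check: recompute with the stored salt, compare in constant time."""
    salt, digest = records[name]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def audit_with_table(stored, table):
    """Accounts whose stored value appears in the precomputed table."""
    return {name: table[value] for name, value in stored.items() if value in table}


def audit_salted(records, words):
    """A salted file needs one fresh KDF run per (account, word) pair."""
    weak, kdf_calls = {}, 0
    for name in records:
        for word in words:
            kdf_calls += 1
            if verify(records, name, word):
                weak[name] = word
                break
    return weak, kdf_calls


if __name__ == "__main__":
    table = precompute(DICTIONARY)
    print("unsalted, table lookup:", audit_with_table(make_unsalted_file(USERS), table))
    salted = make_salted_file(USERS)
    as_hex = {name: digest.hex() for name, (salt, digest) in salted.items()}
    print("salted, table lookup  :", audit_with_table(as_hex, table))
    print("salted, per-account   :", audit_salted(salted, DICTIONARY))
```

The salt makes the precomputed table useless and gives identical passwords different stored values, but a weak password is still found by per-account guessing; the salt and iteration count only raise the cost of each guess.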

69
Other Password Issues
 Too many passwords to remember
◦ Results in password reuse
◦ Why is this a problem?
 Who suffers from bad password?
◦ Login password vs ATM PIN
 Failure to change default passwords
 Social engineering
 Error logs may contain “almost” passwords
 Bugs, keystroke logging, spyware, etc.

70
Passwords

• The bottom line
• Password cracking is too easy!
◦ One weak password may break security
◦ Users choose bad passwords
◦ Social engineering attacks, etc.
• The bad guy has all of the advantages
• All of the math favors bad guys
• Passwords are a big security problem

71
Password Cracking Tools
 Popular password cracking tools
◦ Password Crackers
◦ Password Portal
◦ L0phtCrack and LC4 (Windows)
◦ John the Ripper (Unix)
 Admins should use these tools to test for weak
passwords since attackers will!
 Good article on password cracking
◦ Passwords - Cornerstone of Computer Security

72
Biometrics

73
Something You Are
• Biometric
◦ “You are your key” ⎯ Schneier
❑ Examples
o Fingerprint
o Handwritten signature
o Facial recognition
o Speech recognition
o Gait (walking) recognition
o “Digital doggie” (odor recognition)
o Many more!

[Figure: Are, Have, Know]

74
Why Biometrics?
 Biometrics seen as desirable replacement for
passwords
 Cheap and reliable biometrics needed
 Today, a very active area of research
 Biometrics are used in security today
◦ Thumbprint mouse
◦ Palm print for secure entry
◦ Fingerprint to unlock car door, etc.
 But biometrics not too popular
◦ Has not lived up to its promise (yet)

75
Biometric Modes
 Identification ⎯ Who goes there?
◦ Compare one to many
◦ Example: The FBI fingerprint database
 Authentication ⎯ Is that really you?
◦ Compare one to one
◦ Example: Thumbprint mouse
 Identification problem more difficult
◦ More “random” matches since more comparisons
 We are interested in authentication

76
Hand Geometry
❑ Popular form of biometric
❑ Measures shape of hand
o Width of hand, fingers
o Length of fingers, etc.
❑ Human hands not unique
❑ Hand geometry sufficient
for many situations
❑ Suitable for authentication
❑ Not useful for ID problem

77
Hand Geometry
 Advantages
◦ Quick
◦ 1 minute for enrollment
◦ 5 seconds for recognition
◦ Hands symmetric (use other hand backwards)
 Disadvantages
◦ Cannot use on very young or very old
◦ Relatively high equal error rate

78
Iris Patterns

• Iris pattern development is “chaotic”
• Little or no genetic influence
• Different even for identical twins
• Pattern is stable through lifetime

79
Attack on Iris Scan
• Good photo of eye can be scanned
◦ Attacker could use photo of eye
❑ Afghan woman was authenticated by iris scan of old photo
❑ To prevent photo attack, scanner could use light to be sure it is a “live” iris

80
Biometrics: The Bottom Line
 Biometrics are hard to forge
 But attacker could
◦ Steal Alice’s thumb
◦ Photocopy Bob’s fingerprint, eye, etc.
◦ Subvert software, database, “trusted path”, …
 Also, how to revoke a “broken” biometric?
 Biometrics are not foolproof!
 That should change in the future…

81
Something You Have

• Something in your possession
• Examples include
◦ Car key
◦ Laptop computer
▪ Or specific MAC address
◦ ATM card, smartcard, etc.

82
2-factor Authentication
 Requires 2 out of 3 of
1. Something you know
2. Something you have
3. Something you are
 Examples
◦ ATM: Card and PIN
◦ Credit card: Card and signature
◦ Smartcard with password/PIN

83
End Of Chapter

Questions

84
