
Attacks on Computers and Computer Security
Module-1
Need for Security, Security Approaches, Principles of
Security, Types of Attacks
Security Models
An organization can take several approaches to implement its security
model.
• No security: The approach could be a decision to implement no
security at all.
• Security through obscurity: In this model, a system is secure simply
because nobody knows about its existence and contents.
• Host security: In this scheme, the security for each host is enforced
individually.
• Network security: In this technique, the focus is to control network
access to various hosts and their services, rather than individual host
security.
Security Management Practices
A good security policy and its proper implementation go a long way in
ensuring adequate security management practices.
Key aspects are:
➢ Affordability: Cost and effort in security implementation.
➢ Functionality: Mechanism of providing security.
➢ Cultural issues: Whether the policy gels well with people’s
expectations, working style and beliefs.
➢ Legality: Whether the policy meets the legal requirements.
1.3 SECURITY POLICY
• Risk -> Secure -> Action
• To control the threats
• Providing techniques & measures (e.g. Audit)
• Developing a secure computing platform that restricts users
to only the particular actions that are permitted.
• At the same time, preventing these users from misusing their
rights to use the system.
1. External Approach:- for external attackers
2. Internal Approach:- for attacks from inside the environment
1.4 SECURITY TECHNIQUES
• Cryptographic Techniques:- Confidentiality & integrity of data
• Authentication Techniques:- to guarantee that communication
end-points are who they say they are.
• Chain of trust techniques:- authentic software
• Access Control- privilege & authorization
• Capability to detect un-patched known flaws
• Back up of data
• Anti-virus software
• Firewall
• IDS/IPS- related to access & misuse
Principle/Goals Of Security
• These are the 4 chief principles of security.
1. Confidentiality:- Is the message seen by someone else?
2. Authentication:- Do you trust the sender of the message?
3. Integrity:- Is the message changed during transit?
4. Non-repudiation:- Can the sender refute the message?
• Above principles are related to a particular message.
• There are 2 more linked to overall system as a whole.
5. Access Control:- Who can Access what? [ACL]
6. Availability:- Information should be available timely.
• Let us assume that a person A wants to send a check worth
$100 to another person B. Normally, what are the factors
that A and B will think of, in such a case? A will write the
check for $100, put it inside an envelope and send it to B.
• A will like to ensure that no one except B gets the envelope and
even if someone else gets it, she does not come to know about
the details of the check. This is the principle of confidentiality.
• A and B will further like to make sure that no one can tamper
with the contents of the check (such as its amount, date,
signature, name of the payee, etc.). This is the principle of
integrity.
• B would like to be assured that the check has indeed come from
A and not from someone else posing as A (as it could be a fake
check in that case). This is the principle of authentication.
• What will happen tomorrow if B deposits the check in her
account, the money is transferred from A’s account to B’s
account and then A denies having written/sent the check? The
court of law will use A’s signature to disallow A from refuting this
claim and settle the dispute. This is the principle of
non-repudiation.
Confidentiality
• Confidentiality is the process of preventing disclosure of
information to unauthorized individuals or systems.

Examples: Credit card
• Confidentiality is necessary, but not sufficient to maintain
privacy.
“Interception causes loss of message confidentiality”
Authenticity
• In computing, e-Business and information security it is
necessary to ensure that the data, transactions,
communications or documents (electronic or physical) are
genuine (i.e. they have not been forged or fabricated).
Examples: Passport, Credit card accounts, academic transcripts
“Fabrication is possible in absence of proper authentication”
Integrity
• Integrity means that data cannot be modified/changed
without authorization.
Examples: Manual deletion or alteration or creation of
important data files, virus infection, employee altering
their own salary, website vandalism, polling fraud.
“Modification causes loss of message integrity”
Non-Repudiation
• It is a complex term used to describe the lack of deniability of
ownership of a message, piece of data, or Transaction.

Examples: Proof of an ATM transaction, a stock trade, or an
email
“It does not allow the sender of a message to refute the claim
of not sending that message”
Access Control
• Role Management->User Side->Which user
can do what.
• Rule Management->Resource Side->Which
resources are accessible and under what
circumstances.
• An Access Control List is a subset of the Access Control
Matrix.
• Access control specifies and controls who can
access what.
Availability
• For any information/system to serve its purpose, the
information must be accessible & usable when it is
needed.
• Computing systems used to store and process the
information, the security controls used to protect it, and
the communication channels used to access it must be
functioning correctly.

Examples: Power outages, Hardware failures, System
upgrades and Preventing denial-of-service attacks
“Interruption puts the availability of resources in danger”
Ethical and Legal Issues
• Ethical and legal issues in computer security systems seem to be in the
area of the individual’s right to privacy versus the greater good of a
larger entity (e.g. a company, society, etc.)
For example,
• Tracking how employees use computers, crowd surveillance,
managing customer profiles, tracking a person’s travel with a passport,
location tracking so as to spam cell phone with text message
advertisements and so on.
Classically, the ethical issues in security systems are classified into the
following four categories:
➢Privacy – This deals with the right of an individual to control personal
information.
➢Accuracy – This talks about the responsibility for the authenticity, fidelity
and accuracy of information.
➢Property – Here we find out the owner of the information. We also talk
about who controls access.
➢Accessibility – This deals with the issue of the type of information an
organization has the right to collect. And in that situation, it also expects to
know the measures which will safeguard against any unforeseen
eventualities.
When dealing with legal issues, we need to remember that there is a
hierarchy of regulatory bodies that govern the legality of information
security.
We can roughly classify them as follows.
• International: e.g. International Cybercrime Treaty
• Federal: e.g. FERPA, GLB, HIPAA, DMCA, Teach Act, Patriot Act,
Sarbanes-Oxley Act, etc.
• State: e.g. UCITA, SB 1386, etc.
• Organization: e.g. Computer use policy
Steps for better Security
Security is the most important aspect of the computer world.
Following are the steps one should follow:-
• Assets:- Decide, Identify, Protect
• Risks:- identify threats, attacks, vulnerabilities, exploits,
theft
• Protection:- find out the solutions
• Tools & Technique:- select
• Priorities:- decide the order of point 4
1.6 CATEGORY OF COMPUTER SECURITY
1. Cryptography:- Mathematical “scrambling” of data.
2. Data Security:- Protective measures, keep safe from
unauthorized access, privacy, prevent breaches, etc.
3. Computer Security Model:-
It depends on computer architecture, specification,
security issues, protection mechanism.
Acts as a framework for information system security
policy.
4. Network Security:-
Protection during transmission,
Policies & provision by Admin,
Authorization & Access Control
5. Computer Security Procedure:-
strategies, guidelines, policies, standards, specifications,
regulations & laws.
6. Security Exploits:-
Vulnerabilities,
Unintended & un-patched flaws in s/w,
Viruses, worms & Trojan horses, malware,
Different types of attacks
7. Authentication:- person, computer, program
8. Identity management:- user, device, services
9. Internet policy:- WhatsApp, FB, etc.
10. Security Software
1.7 The Operational Model Of N/W Security
Security Services
• Digital Signature
• Password
• Encryption
• Hash algorithms
Types of Attacks
A General View
• Criminal Attacks: Here, the sole aim of the attackers
is to maximize financial gain by attacking computer
systems.
• Publicity Attacks: These occur because the attackers want to see their
names appear on television news channels and newspapers.
Example,
• They are people such as students in universities or employees in large
organizations, who seek publicity by adopting a novel approach of attacking
computer systems.
➢One of the most famous such attacks occurred on the US Department of
Justice’s Web site in 1996.
➢The New York Times home page was also famously defaced two years later.
• Legal Attacks: This form of attack is quite novel and unique.
• Here, the attacker tries to make the judge or the jury doubtful about the
security of a computer system.
For example,
• An attacker may sue a bank for performing an online
transaction, which he/she never wanted to perform. In court,
she could innocently say something like “The bank’s Web site
asked me to enter a password and that is all that I provided; I
do not know what happened thereafter.” A judge is likely to
sympathize with the attacker!
Attacks: A Technical View

Classification of the types of attacks on computers and network systems
into two categories:
(a) Theoretical concepts behind these attacks and
(b) Practical approaches used by the attackers.
Let us discuss these one-by-one.
Security Attack
Types of Attack
• Attacks: A Technical View
1. Theoretical Concepts behind this attack.
✓ Interception:- Copying of data & programs & listening to N/W
traffic.
✓ Fabrication:- Attacker may add fake records to a database.
Creation of illegal objects on the computer system.
✓ Modification:- Attacker modifies values in a database.
✓ Interruption:- Resources become unavailable, lost or unusable.
Causing problems to a H/W device, erasing programs, data or
OS components.
Further grouped into types:
Passive Attack
• Attacker eavesdropping or monitoring of data transmission.
• Tries to learn something out of it & make use of it.
• Aims to obtain information that is in transit.
• Passive attacks do not involve any modifications to the contents
of an original message.
• Detection is harder.
1. For plain text message
• Solution is prevention:- encryption
2. For encoded message
• Similarity -> Pattern -> Clue


Further Classification of Passive Attacks
• Release of message contents: When we send a confidential
email message to our friend, we desire that only she be able
to access it. Otherwise, the contents of the message are
released against our wishes to someone else. Using certain
security mechanisms, we can prevent release of message
contents.
• Traffic analysis: An attacker’s attempts to analyze (encoded)
messages to come up with likely patterns are the work of the
traffic analysis attack.
Active Attack
➢Modification
➢Creation of False Msg
➢No prevention
➢Solution: Detection & Recovery

In active attacks, the contents of the original message are
modified in some way.
• Trying to pose as another entity involves masquerade
attacks.
• Modification attacks can be classified further into replay
attacks and alteration of messages.
• Fabrication causes Denial Of Service (DOS) attacks.
Classification of Active Attack
Masquerade is caused when an unauthorized entity pretends to be
another entity.
As we have seen, user C might pose as user A and send a message to
user B. User B might be led to believe that the message indeed came
from user A.
➢In masquerade attacks, an entity poses as another entity.
• As an instance, the attack may involve capturing the user’s authentication
sequence (e.g. user ID and password). Later those details can be replayed to gain
illegal access to the computer system.
➢In a replay attack, a user captures a sequence of events or
some data units and re-sends them.
➢For instance, suppose user A wants to transfer some amount
to user C’s bank account. Both users A and C have accounts
with bank B.
➢User A might send an electronic message to bank B,
requesting the funds transfer. User C could capture this
message and send a second copy of the same to bank B.
➢Bank B would have no idea that this is an unauthorized
message and would treat this as a second and different funds
transfer request from user A. Therefore, user C would get the
benefit of the funds transfer twice: once authorized, once
through a replay attack.
➢Alteration of messages involves some change to the original message.
For instance, suppose user A sends an electronic message “Transfer
$1000 to D’s account” to bank B. User C might capture this and change
it to “Transfer $10000 to C’s account”.
➢Denial Of Service (DOS) attacks make an attempt to prevent
legitimate users from accessing some services, which they are eligible
for.
➢For instance, an unauthorized user might send too many login requests
to a server using random user ids one after the other in quick
succession, so as to flood the network and deny other legitimate users
from using the network facilities.
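How bank B could detect the replay and alteration cases described above, as an added example that is not part of the original slides. It assumes A and bank B share a secret key and uses an HMAC-SHA256 tag, a timestamp and a one-time nonce; the names `sign_request`, `Bank` and `MAX_AGE_SECONDS` are hypothetical.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_AGE_SECONDS = 300  # assumed freshness window for a request


def _canonical(body):
    # Stable byte encoding so both sides compute the tag over the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_request(key, payload, now=None):
    """User A: add a timestamp and a random nonce, then an HMAC-SHA256 tag."""
    body = dict(payload, ts=time.time() if now is None else now,
                nonce=secrets.token_hex(16))
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Bank:
    """Bank B: checks the tag, the freshness and the uniqueness of a request."""

    def __init__(self, key):
        self._key = key
        self._seen = {}  # nonce -> request timestamp, kept while still fresh

    def accept(self, msg, now=None):
        now = time.time() if now is None else now
        body = msg["body"]
        expected = hmac.new(self._key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: altered or forged"  # alteration of the message
        if abs(now - body["ts"]) > MAX_AGE_SECONDS:
            return "rejected: stale"  # too old to be trusted
        # Forget nonces whose requests would fail the freshness check anyway.
        self._seen = {n: t for n, t in self._seen.items()
                      if now - t <= MAX_AGE_SECONDS}
        if body["nonce"] in self._seen:
            return "rejected: replay"  # second copy of a valid message
        self._seen[body["nonce"]] = body["ts"]
        return "accepted"
```

A shared-key tag gives integrity and authentication only; since bank B holds the same key, it does not give non-repudiation, which needs a digital signature.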
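Detection logic for the login flood described above, as an added example that is not part of the original slides. The log format, the thresholds and the function name `find_login_floods` are assumptions, and the sample log lines are constructed (documentation-range IP addresses).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

LINE = re.compile(r"^(\S+) LOGIN src=(\S+) user=(\S+)$")
WINDOW_SECONDS = 10      # assumed sliding window
MAX_REQUESTS = 5         # assumed: more than this per window is suspicious
MIN_DISTINCT_USERS = 4   # assumed: many different user ids from one source

# Constructed sample: one normal user and one source cycling through user ids.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z LOGIN src=198.51.100.20 user=alice
2024-05-01T10:00:01Z LOGIN src=203.0.113.7 user=qx81
2024-05-01T10:00:01Z LOGIN src=203.0.113.7 user=mz04
2024-05-01T10:00:02Z LOGIN src=203.0.113.7 user=tt93
2024-05-01T10:00:02Z LOGIN src=203.0.113.7 user=pk17
2024-05-01T10:00:03Z LOGIN src=203.0.113.7 user=ab55
2024-05-01T10:00:03Z LOGIN src=203.0.113.7 user=rw62
2024-05-01T10:00:09Z LOGIN src=198.51.100.20 user=alice
"""


def find_login_floods(lines):
    """Return {source: timestamp of the request that first crossed the limits}."""
    recent = defaultdict(deque)  # source -> (time, user) pairs inside the window
    flagged = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that are not login records
        stamp, src, user = m.groups()
        ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc).timestamp()
        window = recent[src]
        window.append((ts, user))
        while ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()  # drop requests that fell out of the window
        users = {u for _, u in window}
        if (src not in flagged and len(window) > MAX_REQUESTS
                and len(users) >= MIN_DISTINCT_USERS):
            flagged[src] = stamp
    return flagged
```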
Practical Side Of Attack
References:
• Dr. V.K. Pachghare, Cryptography and Information Security, PHI, ISBN
978-81-303-5082-3
• Atul Kahate, Cryptography and Network Security, Tata McGraw
Hill, ISBN 978-0-07-064823-4
• Further Reading use ppt’s after this slide
Program That Attacks
• Virus
• Worms
• Trojan Horse
• Applets & ActiveX Controls
• Cookies
• JavaScript, VBScript, JScript
• Etc.
✓ Programs that attack to cause some damage or to
create confusion.
1. Virus
• A piece of program code that attaches itself to
another legitimate program & causes damage to the
computer system or to the N/W.

• Properties Of Virus
✓Self-propagates
✓Action /Event Driven
• Solution->Good backup, recovery Procedure.
• During its life time Virus goes through four phases:-
1. Dormant
2. Propagation
3. Triggering
4. Execution
• Virus can be classified into following categories:-
1. Parasitic->.EXE
2. Memory-Resident Virus->.EXE
3. Boot Sector->MBR->Disk->OS
4. Stealth -> intelligence built in -> prevents detection by AV
5. Polymorphic -> changes its signature -> difficult to
detect
6. Metamorphic -> as 5, plus rewrites itself every time -> harder
to detect
7. Macro virus -> application S/W -> like MS Office docs.
Worm
• Similar in concept to a virus, a worm is actually
different in implementation.
• A virus modifies a program (i.e. it attaches itself to the
program under attack).
• A worm, however, does not modify a program.
Instead, it replicates itself again and again.
Trojan Horse
• A Trojan horse is a hidden piece of code, like a virus.
• However, the purpose of a Trojan horse is different.
• Whereas the main purpose of a virus is to make some sort of
modifications to the target computer or network, a Trojan horse
attempts to reveal confidential information to an attacker.
• The name (Trojan horse) is due to the Greek soldiers, who hid
inside a large hollow horse, which was pulled in by the citizens of
Troy, unaware of its contents.
• Once the Greek soldiers entered the city of Troy, they opened the
gates for the rest of Greek soldiers.
• A Trojan horse allows an attacker to obtain some confidential
information about a computer or a network.
