
CO-5-G

Computer Security (17514)


TH : 100
TW : 25
Sessional : 10 (25 + 25)
Total : 135
Total No. Chapters : 06
REFERENCE BOOKS
1. Atul Kahate, Cryptography and Network Security, Tata McGraw Hill
2. William Stallings, Computer Security: Principles and Practice, Pearson Education
3. Dieter Gollmann, Computer Security (Second Edition), Wiley India Education
4. Wm. Arthur Conklin, Principles of Computer Security: Security+ and Beyond, McGraw Hill
5. C K Shyamala, N Harini, Dr. T. R. Padmanabhan, Cryptography and Security, Wiley India
Computer Security
Preserving the integrity, availability, and confidentiality of information system resources.
(Resources include hardware, software, firmware, information/data, and telecommunications.)
Chapter 1 : Introduction and Security trends (marks = 22)
Need for Computer Security
• Information is a strategic resource.
• A significant portion of an organization's budget is spent on managing information.
• The financial transactions of individuals and organizations must be protected.

News :
Suspected Chinese hackers who infiltrated the US government's human resources records
have sensitive information on all federal employees, an American union said Thursday.
(13 June 2015)
Security Basics/Principles of Security:

Following are the basic principles of security:

• Confidentiality
• Integrity
• Availability
• Authentication
• Non-Repudiation
• Access Control

The first three together are known as the CIA triad of security.


Confidentiality
The principle of confidentiality specifies that only the sender and the intended recipient should be able to access the contents of a message.

Fig. Confidentiality: User A sends message M to User B; nobody else can read it.
Fig. Loss of confidentiality (interception attack): User C, sitting on the path between User A and User B, reads message M.
Integrity
When the content of a message is changed after the sender sends it and before the receiver receives it (i.e. during transmission), this is known as loss of integrity.
Changing the content of a message during transmission is known as a modification attack.

Fig. Loss of integrity (modification attack): User A sends "Transfer 1000Rs" to User B; User C intercepts the message and forwards "Transfer 5000Rs" instead.
Availability
The principle of availability ensures that resources are available to authorized parties at all times without interruption.

Fig. Attack on availability (interruption attack): the attacker makes the server's service unavailable to the client.


Authentication
The authentication process ensures that the origin of an electronic message or document is correctly identified. When someone illegally uses another person's identity to send a message, we say there is a loss of authentication.

Fig. Absence of authentication (fabrication attack): User C sends message M to User B claiming "I am User A".
Non-Repudiation
Sometimes a user sends a message and later denies having sent it. The principle of non-repudiation prevents such denial.
Eg. User A requests a fund transfer from a bank; the bank completes the transfer as requested, but later User A denies having made the request.
The principle of non-repudiation is implemented using digital signatures: only the holder of the private key can produce a valid signature, so the signer cannot credibly deny having signed the message.
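The following Go program is an added example for these notes (it is not code from the original slides or from any of the reference books). It uses Ed25519 signatures from Go's standard library to show, on the constructed fund-transfer request from the figures above, how one digital signature gives integrity (the modified "5000Rs" message fails verification), authentication (a message signed by User C does not verify under User A's public key) and non-repudiation (only User A's private key can produce a signature that verifies under User A's public key). The party names and the request text are assumptions for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Party holds one user's Ed25519 key pair. The public key is what the bank
// (the verifier) knows; the private key never leaves the party.
type Party struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewParty generates a fresh key pair for the named party.
func NewParty(name string) (*Party, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, Pub: pub, priv: priv}, nil
}

// Sign produces the party's digital signature over msg.
func (p *Party) Sign(msg []byte) []byte {
	return ed25519.Sign(p.priv, msg)
}

// Verify checks that sig is a valid signature over msg under the claimed
// sender's public key. It fails if the message was modified (integrity)
// or if somebody else produced the signature (authentication).
func Verify(claimedSender ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(claimedSender, msg, sig)
}

func main() {
	userA, err := NewParty("User A")
	if err != nil {
		panic(err)
	}
	userC, err := NewParty("User C")
	if err != nil {
		panic(err)
	}

	// Constructed request, matching the slides' fund-transfer example.
	request := []byte("Transfer 1000Rs from User A to User B")
	sig := userA.Sign(request)

	// Genuine request: the bank verifies it under A's public key.
	fmt.Println("genuine request verifies:", Verify(userA.Pub, request, sig))

	// Modification attack: User C changes the amount in transit.
	tampered := []byte("Transfer 5000Rs from User A to User B")
	fmt.Println("tampered request verifies:", Verify(userA.Pub, tampered, sig))

	// Fabrication attack: User C signs with C's own key but claims to be A.
	forged := userC.Sign(request)
	fmt.Println("forged request verifies under A's key:", Verify(userA.Pub, request, forged))
}
```

Because the bank keeps the signed request, User A cannot later deny having made it: nobody else could have produced a signature that verifies under A's public key. This holds only while A's private key is genuinely in A's possession alone; a leaked signing key destroys the non-repudiation property.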

Access Control
The principle of access control determines who should be able to access what. Under access control we define the roles of users and the rules under which users may access the different resources of the organization.
The Challenges of Computer Security

• Mechanisms used to meet security requirements (confidentiality, integrity and availability) can be quite complex, and understanding them may involve rather subtle reasoning.
• In many cases, successful attacks are designed by looking at the problem in a completely different way, so it is difficult for security personnel to anticipate every attack when designing security systems.
• Having designed various security mechanisms, it is necessary to decide where to use them; the effectiveness of a mechanism depends on where it is placed.
• Security mechanisms typically involve more than a particular algorithm or protocol. They also require that participants be in possession of some secret information (e.g., an encryption key), which raises questions about the creation, distribution, and protection of that secret information.
• Security requires regular, even constant monitoring, and this is difficult in today's short-term, overloaded environment.
• End users and employees often lack security awareness.
• Attackers and hackers often have stronger resources than the organizations they attack.
Model for Computer Security
Threat
A potential cause of an incident that may result in harm to a system or organization.

Vulnerability
A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security.

Risk
An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.

Asset
Anything (hardware, software, data) that the owner wants to protect.

Countermeasure
An action, device, procedure, or technique that reduces a threat or a vulnerability, or the harm an attack can cause.
What is Threat ?
ISO 27005 defines a threat as a potential cause of an incident that may result in harm to systems and organizations. The cause could be physical, such as someone stealing a computer that contains vital data, or non-physical, such as a virus attack.

Threats to Security
• Virus
• Worms
• Intruders
• Insiders
• Criminal Organizations
• Information Warfare
Virus
• A malicious, harmful program for a computer system is known as a virus.
• Almost all viruses are attached to an executable file. This means the virus may exist on your computer, but it cannot infect your computer unless you run or open the infected program. A virus therefore cannot spread on its own: it needs a human to run the host program.
Worm
A worm is similar to a virus by design and is considered to be a sub-class of virus. Worms spread from computer to computer, but unlike a virus, a worm can travel without any human action, so a worm can replicate itself.
A worm takes advantage of file or information transport features in your system, which is what allows it to travel.
One example would be a worm that sends a copy of itself to everyone listed in your e-mail address book.
Trojan Horse
A Trojan horse at first glance appears to be useful software, but actually does damage once installed or run on your computer.
Eg. An e-mail with the subject "Congratulations, you have won 500000$" whose attachment is in fact a Trojan.
Intruder
An outside person who tries to access organization resources without permission is known as an intruder. Intruders are extremely patient: they keep looking for a weak point in the system's security to gain access to the system.

There are three categories of intruders:
1) Not technically skilled enough to write their own exploit scripts; they rely on tools written by others.
2) Capable of writing scripts to exploit existing, known vulnerabilities.
3) Capable of writing scripts to exploit existing vulnerabilities and also capable of finding new vulnerabilities.
Backdoor

A means of gaining access to a computer program or system by bypassing the normal
authentication and other security procedures and mechanisms. Programmers often create back
doors so that they can fix bugs and speed development work. If the back door code is left in
place when the software goes into general release, it creates a considerable security risk.

Insiders
Insiders are more dangerous than intruders because they have knowledge of the system and of its internal weaknesses, and they already hold some legitimate access.
Types of Attack
Passive Attacks
Eavesdropping
It is the act of secretly listening to the private conversation of others without their knowledge.
Eg. Someone listening to the telephone conversation of two persons, or capturing an e-mail during transmission only to read it.
Traffic Analysis
Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns of communication. It can be performed even when the messages are encrypted and cannot be decrypted.
The attacker gains useful information from statistical analysis:
• Who communicates with whom, when, for how long, and from where?
• Who is interested in what content?
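The Go program below is an added example (not part of the original notes) showing what traffic analysis extracts from a constructed capture in which every payload is encrypted. From addressing, timing and size metadata alone it answers "who talks to whom, when and for how long", and it answers "who is interested in what" by matching the size of each encrypted response against a catalogue of page sizes the attacker measured beforehand. The hosts, times, sizes and catalogue are all constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Flow is one observed connection. The payload is encrypted and unreadable
// by the observer; only addressing, timing and size metadata are visible.
type Flow struct {
	Src, Dst string
	Start    time.Time
	Duration time.Duration
	Bytes    int // size of the encrypted response
}

// PairStats is what an eavesdropper learns about one src -> dst pair.
type PairStats struct {
	Count      int
	TotalBytes int
	TotalTime  time.Duration
	StartHours []int // hour of day at which each conversation began
}

// Analyze answers "who communicates with whom, when, and for how long"
// purely from metadata.
func Analyze(flows []Flow) map[string]*PairStats {
	out := map[string]*PairStats{}
	for _, f := range flows {
		key := f.Src + " -> " + f.Dst
		s, ok := out[key]
		if !ok {
			s = &PairStats{}
			out[key] = s
		}
		s.Count++
		s.TotalBytes += f.Bytes
		s.TotalTime += f.Duration
		s.StartHours = append(s.StartHours, f.Start.Hour())
	}
	return out
}

// GuessContent answers "who is interested in what" by matching the size of
// an encrypted response against a catalogue of known page sizes. Encryption
// hides the bytes but, without padding, not how many there are.
func GuessContent(f Flow, catalogue map[int]string) string {
	if page, ok := catalogue[f.Bytes]; ok {
		return page
	}
	return "unknown"
}

// SampleCatalogue is a constructed table of response sizes the attacker
// measured in advance by fetching each page of the site themselves.
func SampleCatalogue() map[int]string {
	return map[int]string{
		18342: "/login",
		52117: "/loan-application",
		9020:  "/logout",
	}
}

// SampleFlows is a constructed capture: three encrypted sessions between a
// user and a bank, plus one unrelated session.
func SampleFlows() []Flow {
	day := time.Date(2015, 6, 13, 0, 0, 0, 0, time.UTC)
	return []Flow{
		{"alice", "bank.example", day.Add(9 * time.Hour), 40 * time.Second, 18342},
		{"alice", "bank.example", day.Add(9*time.Hour + time.Minute), 6 * time.Minute, 52117},
		{"alice", "bank.example", day.Add(9*time.Hour + 8*time.Minute), 2 * time.Second, 9020},
		{"bob", "news.example", day.Add(13 * time.Hour), 20 * time.Minute, 77001},
	}
}

func main() {
	stats := Analyze(SampleFlows())
	keys := make([]string, 0, len(stats))
	for k := range stats {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	for _, k := range keys {
		s := stats[k]
		fmt.Printf("%-22s %d sessions, %d bytes, %v total, starting at hours %v\n",
			k, s.Count, s.TotalBytes, s.TotalTime, s.StartHours)
	}
	for _, f := range SampleFlows() {
		fmt.Printf("%s probably viewed %s\n", f.Src, GuessContent(f, SampleCatalogue()))
	}
}
```

The countermeasures follow directly from what the program uses: padding responses to fixed sizes defeats the size catalogue, and routing through a mix or onion network hides who talks to whom.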
Active attacks
Masquerade
A masquerade is the same as a fabrication attack; the attacker can perform it because authentication is absent.
Replay
In a replay attack the attacker captures a valid message and retransmits it later, so that the receiver processes it again.

Fig. Replay attack: the web user's message "Deposit 100$ to accnt no 100020" to the web server is intercepted en route and then replayed multiple times.
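The Go program below is an added example (not part of the original notes) of how a web server defends against the replay in the figure. It assumes a shared secret between the web user and the server (constructed here), and extends each request with a random nonce, a timestamp and an HMAC over body, nonce and timestamp. The server then rejects a forged or altered request (bad MAC), a request replayed within the freshness window (nonce already seen) and a request replayed long afterwards (stale timestamp). The deposit text is the one from the figure.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

// Request is the web user's message to the web server. Besides the body it
// carries a one-time nonce, a timestamp, and a MAC over all three, so the
// server can tell a fresh request from a captured copy.
type Request struct {
	Body      string // e.g. "Deposit 100$ to accnt no 100020"
	Nonce     string
	Timestamp time.Time
	MAC       []byte
}

// computeMAC binds body, nonce and timestamp together under the shared key.
// The zero-byte separators keep fields of varying length unambiguous.
func computeMAC(key []byte, body, nonce string, ts time.Time) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(body))
	m.Write([]byte{0})
	m.Write([]byte(nonce))
	m.Write([]byte{0})
	m.Write([]byte(ts.UTC().Format(time.RFC3339)))
	return m.Sum(nil)
}

// NewRequest is the client side: fresh random nonce, current time, MAC.
func NewRequest(key []byte, body string, now time.Time) Request {
	var n [16]byte
	if _, err := rand.Read(n[:]); err != nil {
		panic(err)
	}
	nonce := hex.EncodeToString(n[:])
	return Request{Body: body, Nonce: nonce, Timestamp: now, MAC: computeMAC(key, body, nonce, now)}
}

// Server remembers the nonces seen within the freshness window.
type Server struct {
	key    []byte
	window time.Duration
	seen   map[string]time.Time
}

func NewServer(key []byte, window time.Duration) *Server {
	return &Server{key: key, window: window, seen: map[string]time.Time{}}
}

// Handle accepts a request once and rejects every replay of it. The MAC is
// checked first (no forgery or alteration), then the timestamp (old captures
// expire), then the nonce (a capture inside the window still cannot be reused).
func (s *Server) Handle(r Request, now time.Time) (bool, string) {
	if !hmac.Equal(r.MAC, computeMAC(s.key, r.Body, r.Nonce, r.Timestamp)) {
		return false, "bad MAC"
	}
	age := now.Sub(r.Timestamp)
	if age > s.window || age < -s.window {
		return false, "stale timestamp"
	}
	if _, dup := s.seen[r.Nonce]; dup {
		return false, "replayed nonce"
	}
	s.seen[r.Nonce] = r.Timestamp
	// Forget nonces too old to pass the timestamp check, so memory stays bounded.
	for n, ts := range s.seen {
		if now.Sub(ts) > s.window {
			delete(s.seen, n)
		}
	}
	return true, "ok"
}

func main() {
	key := []byte("constructed shared secret between user and server")
	srv := NewServer(key, time.Minute)
	now := time.Date(2015, 6, 13, 10, 0, 0, 0, time.UTC)

	req := NewRequest(key, "Deposit 100$ to accnt no 100020", now)
	fmt.Println(srv.Handle(req, now)) // true ok

	// The attacker on route captured req and sends it again, twice.
	fmt.Println(srv.Handle(req, now.Add(5*time.Second))) // false replayed nonce
	fmt.Println(srv.Handle(req, now.Add(9*time.Second))) // false replayed nonce

	// The attacker edits the amount: the MAC no longer matches.
	altered := req
	altered.Body = "Deposit 9000$ to accnt no 100020"
	fmt.Println(srv.Handle(altered, now.Add(10*time.Second))) // false bad MAC

	// Replay much later, after the server has forgotten the nonce: the
	// timestamp check still rejects it.
	fmt.Println(srv.Handle(req, now.Add(2*time.Hour))) // false stale timestamp
}
```

The nonce store and the timestamp window work together: the window bounds how long a nonce must be remembered, and the nonce closes the gap that the window alone would leave open. An HMAC gives integrity and authentication but not non-repudiation, since both sides hold the same key; where the bank must prove who sent the deposit, the request is signed instead.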
Denial of Service
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or by sending it information that triggers a crash. In both cases, the DoS attack deprives legitimate users (i.e. employees, members, or account holders) of the service or resource they expected.

There are two general methods of DoS attacks: flooding services and crashing services.

Flood attacks:
Occur when the system receives more traffic than the server can buffer, causing it to slow down and eventually stop. Flooding attacks send more traffic to a network address than the system was built to handle. Popular flood attacks include:
– ICMP flood
– SYN flood
ICMP flood
The attacker abuses misconfigured network devices by sending spoofed ICMP echo requests (pings) to the broadcast address of the targeted network, so that every computer on that network replies to the spoofed source address (the victim) instead of only one machine replying. The network thereby amplifies the traffic. This amplification attack is known as the smurf attack. (The "ping of death" is a different, crash-type attack: a single malformed, oversized ping packet that crashes a vulnerable target.)

Fig. ICMP flooding


SYN flood
The attacker sends requests to connect to a server (SYN packets) but never completes the handshake. The server keeps each half-open connection in its backlog; the attack continues until the backlog is saturated with half-open requests and no entries remain for legitimate users to connect.

Other DoS attacks simply exploit vulnerabilities that cause the target system or service to crash. In these attacks, input is sent that takes advantage of bugs in the target that subsequently crash or severely destabilize the system, so that it can't be accessed or used.

Fig. Three way Handshake
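The Go program below is an added example (not part of the original notes) that turns the three-way handshake into detection logic for a SYN flood. It replays a constructed handshake log (timestamps, flags and endpoints are all made up for the example, using documentation address ranges), tracks how far each client-to-server attempt got (SYN, SYN-ACK, ACK), and counts per client IP the connections that were left half-open, i.e. a SYN was seen but the completing ACK never arrived.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"strings"
)

// handshake records how far one client -> server connection attempt got.
type handshake struct {
	syn, synAck, ack bool
}

// parseLine splits a constructed log line of the form
//   "<time> <FLAG> <src_ip:port> -> <dst_ip:port>"
// into flag, source and destination; ok is false for malformed lines.
func parseLine(line string) (flag, src, dst string, ok bool) {
	f := strings.Fields(line)
	if len(f) != 5 || f[3] != "->" {
		return "", "", "", false
	}
	return f[1], f[2], f[4], true
}

// HalfOpenBySource replays the handshake log and counts, per client IP, the
// connections for which a SYN was seen but the completing ACK never came.
func HalfOpenBySource(lines []string) map[string]int {
	state := map[string]*handshake{} // key: client endpoint + ">" + server endpoint
	for _, line := range lines {
		flag, src, dst, ok := parseLine(line)
		if !ok {
			continue
		}
		switch flag {
		case "SYN": // client -> server opens the attempt
			key := src + ">" + dst
			if _, exists := state[key]; !exists {
				state[key] = &handshake{}
			}
			state[key].syn = true
		case "SYN-ACK": // server -> client, so the key is reversed
			if h, exists := state[dst+">"+src]; exists {
				h.synAck = true
			}
		case "ACK": // client -> server completes the handshake
			if h, exists := state[src+">"+dst]; exists {
				h.ack = true
			}
		}
	}
	counts := map[string]int{}
	for key, h := range state {
		if !h.syn || h.ack {
			continue
		}
		client := strings.SplitN(key, ">", 2)[0]
		ip, _, err := net.SplitHostPort(client)
		if err != nil {
			ip = client
		}
		counts[ip]++
	}
	return counts
}

// FlagSources returns, sorted, the client IPs with at least threshold
// half-open connections.
func FlagSources(counts map[string]int, threshold int) []string {
	var flagged []string
	for ip, n := range counts {
		if n >= threshold {
			flagged = append(flagged, ip)
		}
	}
	sort.Strings(flagged)
	return flagged
}

// SampleLog is a constructed capture: 192.0.2.44 completes one handshake
// normally, while 203.0.113.7 fires SYNs from many ports and never answers
// the server's SYN-ACKs.
func SampleLog() []string {
	lines := []string{
		"10:00:00.001 SYN 192.0.2.44:51000 -> 198.51.100.10:80",
		"10:00:00.002 SYN-ACK 198.51.100.10:80 -> 192.0.2.44:51000",
		"10:00:00.003 ACK 192.0.2.44:51000 -> 198.51.100.10:80",
	}
	for port := 40000; port < 40005; port++ {
		lines = append(lines,
			fmt.Sprintf("10:00:01.000 SYN 203.0.113.7:%d -> 198.51.100.10:80", port),
			fmt.Sprintf("10:00:01.001 SYN-ACK 198.51.100.10:80 -> 203.0.113.7:%d", port))
	}
	return lines
}

func main() {
	counts := HalfOpenBySource(SampleLog())
	fmt.Println("half-open connections per source:", counts)
	fmt.Println("suspected SYN flood sources:", FlagSources(counts, 3))
}
```

In a real SYN flood the source addresses are usually spoofed, so each source may appear only once and the per-source threshold never fires; the total number of half-open entries against the server (the sum over the map) is then the better alarm. The standard mitigation is SYN cookies, which let the server avoid storing state until the handshake completes.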


Distributed DoS

An additional type of DoS attack is the Distributed Denial of Service (DDoS) attack. A DDoS attack occurs when multiple systems orchestrate a synchronized DoS attack against a single target. The essential difference is that instead of being attacked from one location, the target is attacked from many locations at once.

Trapdoors / Backdoors

Programmers use backdoors to gain access to a system without going through the usual security access procedures.

Backdoors are created by legitimate programmers during development of application programs so that they can access the system easily without going through a long authentication procedure.

Backdoors become a threat when a dishonest person uses them to get unauthorized access.
Email Spoofing example
Microsoft Telnet> o www.mailserver.com 25
220 mailserver.com ESMTP Sendmail Version 8.x.x; Mon, 28 Sept. 2008;
We do not allow to send fake or bulk emails...
helo microsoft.com
250 mailserver.com Hello Nice to meet you..
mail from:billgates@microsoft.com
250 billgates@microsoft.com Sender Ok
rcpt to:victim@victim.com
250 victim@victim.com Recipient Ok
data
354 Enter mail, end with "." on a line by itself..
SUBJECT:Hello!
Hello,
I am Bill Gates, the chairman of Microsoft. I would like to offer you a job for Microsoft Corporation. If you are interested to work with Microsoft, then reply me at my mail address.
Regards~
Bill Gates
.
250 2.0.0 iF3NDLS240106 Message Accepted For Delivery.
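The transcript works because the mail server accepts whatever domain the client puts in MAIL FROM. The Go program below is an added example (not part of the original notes) of the check a receiving mail server makes against this: SPF. It extracts the envelope sender's domain from the MAIL FROM command and evaluates the connecting client's IP against that domain's SPF record. The records and IP addresses are constructed for the example (documentation ranges; the real microsoft.com record is different and would be fetched from DNS), and only the ip4 and all mechanisms of RFC 7208 are implemented.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// ConstructedRecords stands in for DNS TXT lookups. The addresses are
// documentation ranges (RFC 5737); the real records of these domains differ.
var ConstructedRecords = map[string]string{
	"microsoft.com":  "v=spf1 ip4:198.51.100.0/24 -all",
	"mailserver.com": "v=spf1 ip4:203.0.113.25 ~all",
}

// MailFromDomain extracts the domain of the envelope sender from a MAIL FROM
// command such as "mail from:billgates@microsoft.com".
func MailFromDomain(cmd string) string {
	addr := strings.TrimSpace(cmd)
	if i := strings.Index(strings.ToLower(addr), "from:"); i >= 0 {
		addr = addr[i+len("from:"):]
	}
	addr = strings.Trim(strings.TrimSpace(addr), "<>")
	at := strings.LastIndex(addr, "@")
	if at < 0 {
		return ""
	}
	return strings.ToLower(addr[at+1:])
}

// CheckSPF evaluates the connecting client's IP against the domain's SPF
// record and returns "pass", "fail", "softfail", "neutral" or "none".
// Only the ip4 and all mechanisms are handled; a full evaluator also
// implements a, mx, include and redirect (RFC 7208).
func CheckSPF(domain string, ip net.IP, records map[string]string) string {
	rec, ok := records[domain]
	if !ok || !strings.HasPrefix(rec, "v=spf1") {
		return "none"
	}
	for _, term := range strings.Fields(rec)[1:] {
		qualifier := "+"
		if strings.ContainsAny(term[:1], "+-~?") {
			qualifier, term = term[:1], term[1:]
		}
		matched := false
		switch {
		case term == "all":
			matched = true
		case strings.HasPrefix(term, "ip4:"):
			cidr := strings.TrimPrefix(term, "ip4:")
			if !strings.Contains(cidr, "/") {
				cidr += "/32" // a bare address means exactly that host
			}
			_, network, err := net.ParseCIDR(cidr)
			if err != nil {
				continue
			}
			matched = network.Contains(ip)
		default:
			continue // mechanism not implemented in this example
		}
		if matched {
			switch qualifier {
			case "+":
				return "pass"
			case "-":
				return "fail"
			case "~":
				return "softfail"
			default:
				return "neutral"
			}
		}
	}
	return "neutral" // nothing matched: the RFC 7208 default result
}

func main() {
	// The spoofer in the transcript connects from the constructed address
	// 203.0.113.25 but claims billgates@microsoft.com as the sender.
	clientIP := net.ParseIP("203.0.113.25")
	domain := MailFromDomain("mail from:billgates@microsoft.com")
	fmt.Printf("MAIL FROM domain %q, client %s: SPF %s\n",
		domain, clientIP, CheckSPF(domain, clientIP, ConstructedRecords))

	// A host the record does authorise.
	legit := net.ParseIP("198.51.100.9")
	fmt.Printf("MAIL FROM domain %q, client %s: SPF %s\n",
		domain, legit, CheckSPF(domain, legit, ConstructedRecords))
}
```

A server that gets "fail" here would answer the MAIL FROM with a 550 rejection instead of "250 Sender Ok". SPF covers only the envelope sender; the From: header shown to the reader is protected by DKIM and DMARC, which a complete receiver checks as well.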
TCP Session Hijacking:
TCP hijacking is the oldest type of session hijacking. It relies on successfully predicting the initial sequence numbers (ISNs) that are exchanged between two hosts, a client and a server.
Sequence numbers are exchanged during the TCP three-way handshake:
• Host A sends a packet with the SYN bit set to Host B, carrying A's initial sequence number, to create a new connection.
• Host B replies with a packet with the SYN and ACK bits set, carrying B's own initial sequence number and acknowledging A's initial sequence number + 1.
• Host A replies with a packet with the ACK bit set, acknowledging B's initial sequence number + 1.

So, if attackers can predict the initial sequence number that the server will choose, they can send the final ACK packet to the server while spoofing the original host's address, without ever seeing the server's SYN/ACK, and thereby hijack the TCP connection.
TCP/IP Session Hijacking Attack
Session hijack attacks are defined as taking over an active TCP/IP communication session without the permission or knowledge of its legitimate parties. When implemented successfully, attackers assume the identity of the compromised user, enjoying the same access to resources as the compromised user.
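The Go program below is an added example (not part of the original notes) that simulates the prediction step of the blind TCP hijack described above. It contrasts a server whose ISNs advance by a fixed step on every connection (a constructed simplification of the historical fixed-increment schemes) with one that draws ISNs unpredictably (pure randomness here, standing in for the RFC 6528 keyed-hash scheme real stacks use). The attacker opens a few probe connections, infers the step, predicts the ISN the server will assign to the spoofed connection, and the program reports whether the guess was right. The start value and step are assumptions for the example.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// ISNGenerator returns the server's initial sequence number for each new connection.
type ISNGenerator func() uint32

// FixedIncrementISN models the historical weakness: every new connection
// gets the previous ISN plus a constant, so a few observations reveal the
// next value (constructed simplification of the old fixed-increment schemes).
func FixedIncrementISN(start, step uint32) ISNGenerator {
	cur := start
	return func() uint32 {
		cur += step
		return cur
	}
}

// UnpredictableISN draws each ISN from a CSPRNG. Modern stacks (RFC 6528)
// combine a clock with a keyed hash of the connection 4-tuple; pure
// randomness is used here only to show what unpredictability does to the attack.
func UnpredictableISN() ISNGenerator {
	return func() uint32 {
		var b [4]byte
		if _, err := rand.Read(b[:]); err != nil {
			panic(err)
		}
		return binary.BigEndian.Uint32(b[:])
	}
}

// PredictNext is the attacker's model: from ISNs observed on probe
// connections it hypothesises a constant step and extrapolates. If the
// observations do not fit a constant step, the attacker has no prediction.
func PredictNext(observed []uint32) (uint32, bool) {
	if len(observed) < 2 {
		return 0, false
	}
	step := observed[1] - observed[0] // uint32 arithmetic wraps, as sequence numbers do
	for i := 2; i < len(observed); i++ {
		if observed[i]-observed[i-1] != step {
			return 0, false
		}
	}
	return observed[len(observed)-1] + step, true
}

// BlindSpoof runs the attack: open `probes` connections to learn the server's
// ISNs, predict the ISN it will assign next, then let the server assign the
// ISN for the spoofed connection and check the guess. With a correct guess
// the attacker can send the final ACK, and data, without ever receiving the
// server's SYN/ACK.
func BlindSpoof(gen ISNGenerator, probes int) (predicted, actual uint32, hit bool) {
	observed := make([]uint32, probes)
	for i := range observed {
		observed[i] = gen()
	}
	predicted, ok := PredictNext(observed)
	actual = gen()
	return predicted, actual, ok && predicted == actual
}

func main() {
	p, a, hit := BlindSpoof(FixedIncrementISN(0x1000, 64000), 3)
	fmt.Printf("fixed-increment ISNs: predicted %d, server chose %d, hijack possible: %v\n", p, a, hit)

	p, a, hit = BlindSpoof(UnpredictableISN(), 3)
	fmt.Printf("unpredictable ISNs:   predicted %d, server chose %d, hijack possible: %v\n", p, a, hit)
}
```

Against the unpredictable generator the attacker is left guessing one value in 2^32, which is why ISN randomisation closed this class of blind spoofing. Hijacking a session whose packets the attacker can actually see (on the same network segment) does not need prediction at all; there the defences are encryption and authentication of the session, such as TLS or SSH.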

Backdoor
A back door is a means of access to a computer program
that bypasses security mechanisms. A programmer may
sometimes install a back door so that the program can be
accessed for troubleshooting or other purposes. However,
attackers often use back doors that they detect or install
themselves, as part of an exploit.
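The Go program below is an added example (not part of the original notes) for the backdoor discussions on this page. It shows the kind of backdoor described above as it actually appears in code: a maintenance account hard-coded into a login routine, next to the hardened routine in which the credential store is the only path to a successful login. The user name, the credentials and the salted SHA-256 store are constructed for the example; a production system would use a slow password hash such as argon2 or bcrypt.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// userRecord stores a per-user salt and the salted SHA-256 of the password.
// (A production system would use a slow, memory-hard KDF such as argon2 or
// bcrypt; SHA-256 keeps this example dependency-free.)
type userRecord struct {
	salt []byte
	hash []byte
}

func hashPassword(salt []byte, password string) []byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(password))
	return h.Sum(nil)
}

// users is a constructed credential store with a single legitimate account.
var users = map[string]userRecord{
	"alice": {
		salt: []byte("constructed-salt-01"),
		hash: hashPassword([]byte("constructed-salt-01"), "correct horse battery staple"),
	},
}

// checkPassword is the only legitimate way to get a "yes".
func checkPassword(user, password string) bool {
	rec, ok := users[user]
	if !ok {
		// Hash anyway so an unknown user takes as long as a wrong password.
		hashPassword([]byte("no-such-user-salt"), password)
		return false
	}
	return subtle.ConstantTimeCompare(rec.hash, hashPassword(rec.salt, password)) == 1
}

// LoginWithBackdoor is the flawed version: a maintenance shortcut left in
// during development accepts a fixed name and password that appear nowhere
// in the credential store, so disabling accounts never disables it.
func LoginWithBackdoor(user, password string) bool {
	if user == "maint" && password == "letmein" { // the backdoor
		return true
	}
	return checkPassword(user, password)
}

// Login is the hardened version: exactly one path to success, and it goes
// through the credential store.
func Login(user, password string) bool {
	return checkPassword(user, password)
}

func main() {
	fmt.Println("alice, right password, hardened:", Login("alice", "correct horse battery staple"))
	fmt.Println("maint/letmein, backdoored      :", LoginWithBackdoor("maint", "letmein"))
	fmt.Println("maint/letmein, hardened        :", Login("maint", "letmein"))
}
```

Backdoors of this shape are found in code review by searching authentication paths for comparisons against string literals, and in testing by confirming that every successful login maps to a record in the credential store.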
Attempted Logic Bomb
On 29 October 2008 a logic bomb was discovered at the American mortgage giant Fannie Mae. The bomb was allegedly planted by Rajendrasinh Babubhai Makwana, an IT contractor who worked in Fannie Mae's Urbana, Maryland facility. The logic bomb was set to activate on 31 January 2009 and could have wiped all of Fannie Mae's 4000 servers. Makwana had been terminated around 1:00pm on 24 October 2008 and managed to plant the bomb before his network access was revoked. Makwana was indicted in a Maryland court on 27 January 2009 for unauthorized computer access, convicted on 4 October 2010, and sentenced to 41 months in prison on 17 December 2010.
Avenues of Attack
• Specially targeted
• Opportunistic
Steps in Attack
• Collect information (IP addresses, phone numbers, names of employees, etc.).
• Determine which target systems are available (ping).
• Identify open ports (port scanning).
• Identify the operating system running on the target machines (by sending specially formatted packets to the target and observing how it responds).
• Decide which tools to use for the attack.
• Many websites publish known weaknesses in application programs and operating systems, and also provide tools to attack them.
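The Go program below is an added example (not part of the original notes) of the port-scanning step: a TCP connect scan that tries to complete a handshake with each port and reports the ones that accept. So that it runs offline, it creates its own target on the loopback interface: one listener that stays open and a second one that is closed immediately, giving a known-open and a known-closed port to scan. The concurrency limit and timeout are assumptions for the example.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"sync"
	"time"
)

// ScanPorts performs a TCP connect scan: it tries to complete a connection
// to every port and reports the ones that accepted. Refused, filtered and
// timed-out ports are all reported the same way: not open.
func ScanPorts(host string, ports []int, timeout time.Duration) []int {
	var (
		mu   sync.Mutex
		wg   sync.WaitGroup
		open []int
		sem  = make(chan struct{}, 64) // bound on concurrent connection attempts
	)
	for _, p := range ports {
		wg.Add(1)
		go func(port int) {
			defer wg.Done()
			sem <- struct{}{}
			defer func() { <-sem }()
			conn, err := net.DialTimeout("tcp", net.JoinHostPort(host, fmt.Sprint(port)), timeout)
			if err != nil {
				return
			}
			conn.Close()
			mu.Lock()
			open = append(open, port)
			mu.Unlock()
		}(p)
	}
	wg.Wait()
	sort.Ints(open)
	return open
}

// ListenOnLoopback opens a throwaway listener on 127.0.0.1 so the scan has a
// known-open port to discover. It returns the port and a function that
// closes the listener.
func ListenOnLoopback() (int, func(), error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return 0, nil, err
	}
	return ln.Addr().(*net.TCPAddr).Port, func() { ln.Close() }, nil
}

func main() {
	openPort, closeOpen, err := ListenOnLoopback()
	if err != nil {
		panic(err)
	}
	defer closeOpen()

	// A second listener is created and closed at once, giving a port that
	// is definitely closed when the scan runs.
	closedPort, closeClosed, err := ListenOnLoopback()
	if err != nil {
		panic(err)
	}
	closeClosed()

	found := ScanPorts("127.0.0.1", []int{openPort, closedPort}, 500*time.Millisecond)
	fmt.Printf("scanned ports %d and %d, open: %v\n", openPort, closedPort, found)
}
```

A connect scan completes the handshake and therefore shows up in the target's application logs; stealthier variants (SYN, FIN, NULL scans) need raw sockets and are what intrusion detection systems look for. Running any scan against systems you do not own or have written permission to test is unauthorized access.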
