
Introduction to Computer and Information Security
Foundation of Computer Security:
Q1. Define computer security.
Definition of Security:
1) It deals with the prevention and detection of unauthorized actions by users of a computer system.
2) Computer security means providing security to data, computer systems, services and supporting procedures. Various technologies are used for this purpose, such as access control mechanisms and cryptography.
3) Nowadays computers are connected to each other via networks, so network security is needed as well.

1. Information security / information assurance focuses on the security process: not on the hardware and software being used, but on the data that is processed by them. Assurance also covers the availability of the system and the information when we want them.
2. Data security relates to the content of information; the source of a data transfer should be secure, and only valid users can access or change the data.
Q2. What is the need of computer security?
1. Nowadays the public is becoming dependent on computers and networks, so they are also interested in the security of these same computers and networks.
2. With more use of computers and networks on a daily basis to conduct everything, such as making purchases, ensuring that computers and networks are secure has become more important.
3. Hence computer and network security is essential to function effectively and safely in today's highly automated world.
Q3. Explain security basics. Explain the terms authentication and authorization.
a. Security Basics: BOOK
The basic goals or components of computer security include confidentiality, integrity and availability.
1) Confidentiality
2) Integrity
3) Availability
4) Accountability
5) Non-Repudiation
6) Reliability
1. Confidentiality:
1) The ability to protect data so that an unauthorized person cannot view it: the property that sensitive information is not disclosed to unauthorized entities.
2) Loss of confidentiality can occur in many ways, such as through the intentional release of private company information or through a misapplication of network rights.
3) To maintain confidentiality, various mechanisms are used, such as resource hiding, cryptography and access control.
2. Integrity:
The concept of integrity ensures that
1. Modifications are not made to data by unauthorized persons or processes; only authorized persons can do that.
2. The data is internally and externally consistent.
3. Availability:
1) The concept of availability ensures reliable and timely access to data or computing resources by the appropriate person.
2) Availability ensures that data or systems are available for use when an authorized user wants to access them.
4. Accountability:
1) Every individual who works with an information system should have specific responsibilities for information assurance.
2) The tasks for which an individual is responsible are part of the overall information security plan.
3) Accountability is the traceability of actions performed on a system to a specific system entity, such as a user, process or device.
4) Audit information must be selectively kept and protected, so that actions affecting security can be traced to the responsible party.
5. Non-Repudiation:
It is the ability to verify that the message sent and the message received are the same, and that the sender can be identified and verified. This type of requirement applies to online transactions.

6. Reliability:
It refers to the ability of a computer-related hardware or software component to consistently perform according to its specifications and produce the intended result.
7. Authentication
8. Authorization
Q4. Explain three functions of computer security (confidentiality, integrity and accountability, as described under Q3).
Risk and Threat Analysis
Q5. Define risk and threat analysis.
In many IT companies, risk analysis is applied:
• To all information assets of an enterprise.
• To the IT infrastructure of an enterprise.
• To the development of new products or systems.
1) Risk is an incident or attack that can cause damage to a system.
2) An attack against a system is carried out as a sequence of actions, exploiting weak points, until the attacker's goal is accomplished.
3) So it is important to assess the risk caused by the attack in terms of the amount of damage done and the likelihood of the attack.
The process of risk analysis refers to assets, vulnerabilities and threats. It is calculated as:
RISK = ASSETS x THREATS x VULNERABILITIES
• Assets: Hardware, software, data and documentation, personnel, procedures, models etc.
• Threats: Actions taken by attackers.
• Vulnerabilities: Weaknesses in the system.
Q5. Explain risk management.
Q. Explain the terms 1. assets, 2. threats, 3. vulnerabilities.
• Assets:
An asset is any data, device or other component of an organisation's systems that is valuable, often because it contains sensitive data or can be used to access such information. For example, an employee's desktop computer or laptop, or hardware, software, data and documentation etc.
• Threats: Actions taken by attackers.
This type of computer threat consists of software traditionally referred to as malware, that is, viruses, worms and Trojans.
• Minor threats: computer threats that are less dangerous than major threats, but may be used by a third person to perform malicious activity.
• Vulnerabilities: Weaknesses in the system.
A vulnerability in security refers to a weakness or opportunity in an information system that cybercriminals can exploit to gain unauthorized access to a computer system.
• Vulnerabilities weaken systems and open the door to malicious attacks.
RISK ANALYSIS (RA)
Risk can be calculated by Risk Analysis (RA), which is the identification and estimation of risks.
Q6. Define risk and describe quantitative and qualitative risk analysis.
1. Quantitative Risk Analysis
• A process for assigning a numeric value to the probability of loss based on known risks, on the financial values of the assets and on the probability of threats.
• It is used to determine potential direct and indirect costs to the company based on values assigned to company assets and their exposure to risk, e.g. the cost of replacing an asset, the cost of lost productivity or the cost of diminished brand reputation.
2. Qualitative Risk Analysis
• It is a collaborative process of assigning relative values to assets, assessing their risk exposure, and estimating the cost of controlling the risk. It differs from quantitative risk analysis in that it uses relative measures and approximate costs rather than precise valuation and cost determination. In qualitative risk analysis:
1. Assets can be rated based on criticality: very important, important, not important etc.
2. Vulnerabilities can be rated based on how urgently they should be fixed: fix soon, should be fixed, fix if suitable etc.
3. Threats can be rated based on likelihood: very likely, likely, unlikely etc.
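The two passages above (RISK = ASSETS x THREATS x VULNERABILITIES under Q5, and the qualitative and quantitative ratings under Q6) can be worked through as a small program. The following is an added example, not code from the notes: it maps the notes' qualitative scales to numbers, multiplies them into a risk score, ranks a risk register by that score, and includes a quantitative variant (asset value times probability of loss). The numeric scale values, the register entries and the asset values are constructed assumptions.

```python
"""Risk ranking from asset, threat and vulnerability ratings (added example).

Applies RISK = ASSETS x THREATS x VULNERABILITIES using the qualitative scales
the notes describe, and produces the prioritised threat list that a risk
analysis hands to the countermeasure step. Scale values and the sample
register are constructed assumptions, not data from the notes.
"""

# Qualitative scales mapped to numbers (assumed values: 1 = low, 3 = high).
ASSET_CRITICALITY = {"not important": 1, "important": 2, "very important": 3}
THREAT_LIKELIHOOD = {"unlikely": 1, "likely": 2, "very likely": 3}
VULNERABILITY_FIX = {"fix if suitable": 1, "should be fixed": 2, "fix soon": 3}


def risk_score(asset, threat, vulnerability):
    """RISK = ASSETS x THREATS x VULNERABILITIES on the qualitative scales."""
    return (ASSET_CRITICALITY[asset]
            * THREAT_LIKELIHOOD[threat]
            * VULNERABILITY_FIX[vulnerability])


def expected_loss(asset_value, probability):
    """Quantitative variant: financial value of the asset multiplied by the
    probability that the threat is realised (a single-loss estimate)."""
    if not 0.0 <= probability <= 1.0:
        raise ValueError("probability must be in [0, 1]")
    return asset_value * probability


def rank_risks(register):
    """Return (name, score) pairs, highest risk first, so countermeasures
    can be applied in priority order."""
    scored = [
        (entry["name"],
         risk_score(entry["asset"], entry["threat"], entry["vulnerability"]))
        for entry in register
    ]
    return sorted(scored, key=lambda item: item[1], reverse=True)


# Constructed sample risk register (hypothetical entries).
SAMPLE_REGISTER = [
    {"name": "unpatched web server", "asset": "very important",
     "threat": "very likely", "vulnerability": "fix soon"},
    {"name": "shared lab printer", "asset": "not important",
     "threat": "likely", "vulnerability": "fix if suitable"},
    {"name": "payroll database", "asset": "very important",
     "threat": "unlikely", "vulnerability": "should be fixed"},
]

if __name__ == "__main__":
    for name, score in rank_risks(SAMPLE_REGISTER):
        print(f"{score:2d}  {name}")
    print("expected loss:", expected_loss(50000, 0.5))
```

The ordering is what matters for the countermeasure list in Q7: the three-by-three scales give scores from 1 to 27, so a very important asset facing a very likely threat through a weakness that should be fixed soon lands at the top regardless of how the other entries are rated.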
Q7. Define countermeasures in a computer system.
Countermeasures:
1) The result of risk analysis is a list of threats with priority and the recommended countermeasures to mitigate the risk.
2) Usually the risk analysis tools come with a knowledge base of countermeasures for the threats that can be detected in the analysis.
3) Before deciding on any implementation of security measures, it is good to go through the risk analysis. But this approach has problems like:
• Conducting a risk analysis for a large organization takes much time because the IT system is changing continuously.
• The cost of a full risk analysis is difficult to justify to management.
Threat to Security
A threat is a potential violation of security: it exists when there is an action that might cause harm to security.
Threats are divided into the following categories:
Disclosure: Unauthorized access to information.
Deception: Acceptance of false data.
Disruption: Prevention of correct operation.
Usurpation: Unauthorized access to a system or part of a system.

VIRUSES
Q. Define virus and explain the different phases of a virus.
i. A virus is code or a program that attaches itself to another code or program and causes damage to a computer system or network.
ii. It is a piece of code which is loaded onto the computer without the individual's knowledge and runs against their permission.
iii. The purpose of creating a computer virus is to infect vulnerable systems, gain admin control and steal users' sensitive data.
One of the main methods by which viruses spread is through emails.
Phases of Viruses (Life Cycle of Viruses):
1. Dormant phase: The virus sits idle, waiting for a trigger or a time to execute.
2. Propagation phase: The virus copies itself into other programs or areas of the hard drive.
3. Triggering phase: The virus is activated to perform the functions for which it was injected.
4. Execution phase: The virus gets to work. The payload is released, and the end user begins to notice problems with their computer such as deleted files, the system crashing, or endless popups on the screen.

Types of Viruses
Q. Explain types of virus.
1. Boot Sector Virus
2. Direct Action Virus
3. Email Virus
4. Multipartite Virus
5. Polymorphic Virus
6. Spacefiller Virus
1. Boot Sector Virus: This type of virus infects the master boot record, and removing it is a challenging and complex task. Mostly it spreads through removable media.
2. Direct Action Virus: It gets installed or stays hidden in the computer memory. It stays attached to the specific type of files that it infects. It executes itself and then terminates or destroys itself.
3. Email Virus: This virus gets executed when the email attachment is opened by the recipient. The virus sends itself to the mailing list of the sender.
4. Multipartite Virus: This type of virus spreads through multiple ways. It infects both the boot sector and executable files at the same time.
5. Polymorphic Virus: These viruses are difficult to identify, because a polymorphic virus produces fully operational copies of itself.
6. Spacefiller Virus: This virus fills up the empty spaces between the code and hence does not cause any damage to the file.
12. Dealing with Viruses:
Prevention is always the best option. There is no direct way to find the hidden code, but we can attempt to detect, identify and remove viruses.
Detection: Find the location of the virus.
Identification: Identify the specific virus that has attacked.
Removal: After identification, it is necessary to remove all traces of the virus and restore the affected file to its original state, with the help of antivirus software.
Worms
Q. Define or explain worm.
1. A computer worm is a type of malicious software program whose primary function is to infect other computers while remaining active on infected systems.
2. A computer worm is self-replicating malware that duplicates itself to spread to uninfected computers.
3. Worms use parts of an operating system that are automatic and invisible to the user.
4. Worms consume system resources and slow down other tasks.
Q. Difference between virus and worms?
Q. Compare virus and logic bomb.
Q. How to remove a computer worm.
1. Removing a computer worm can be difficult; the system may need to be formatted and all the software reinstalled.
2. Use a known safe computer to download any required updates to an external storage device and then install them on the affected machine.
3. The system should be disconnected from the internet or any network before attempting to remove the computer worm.
4. Removable storage devices should also be removed and scanned separately for infections.
5. Once the system is disconnected from the network, do the following:
• Update all antivirus signatures
• Scan the computer with the up-to-date antivirus software
• Use the antivirus software to remove any malware
• Confirm that the operating system and all applications are up to date and patched
INTRUDERS and Insiders:
Q. Explain intruders with respect to security.
INTRUDERS
1. An intruder is a person who enters territory that does not belong to that person.
2. The main purpose of the intruder is to gain access to a system or to increase the range of privileges accessible on a system.
3. This is one of the most publicized threats to security.
Insiders:
1. An insider threat is a malicious threat to an organization that is caused by people within the organization, such as employees, contractors or business associates, who have inside information related to security practices, data and computer systems.
2. The threat may involve fraud, the stealing of confidential or commercially valuable information, the stealing of intellectual property, etc.
Trojan Horse:
Q. Explain the term Trojan horse.
1. A Trojan horse is a hidden piece of code that allows an attacker to obtain confidential data.
2. The main purpose of a Trojan horse is to reveal confidential information to an attacker.
3. For example, a Trojan horse can hide in the code for a login screen. When the user enters the user id and password, the Trojan horse captures these details and sends this information to the attacker without the knowledge of the authorized user. The attacker can then use this information to gain access to the system.
Attacks:
Q. Define attack and list its types.
1. Denial of service attack
2. Man-in-the-middle attack
3. Backdoors and trapdoors
4. Sniffing and spoofing
5. Encryption attack
6. Replay attack
7. TCP/IP hijacking attack
8. Hacking and cracking
9. Pornography
Q. Explain any four types of attack.
An attack is a path or way by which a hacker can gain access to a computer system without your knowledge.
Attacks are grouped into two types:
• Passive attacks
• Active attacks
Types of attack
1. Active attacks:
1. Active attacks are attacks in which the attacker tries to modify the information or creates a false message.
Prevention:
2. Preventing these attacks is quite difficult because of the broad range of potential physical, network and software vulnerabilities.
3. Instead of prevention, the emphasis is on detecting the attack and recovering from any disruption or delay caused by it.
There are three types of active attacks: interruption, modification and fabrication.
1. Interruption is caused when an unauthorized attacker tries to pose as another entity.
2. Modification can be done in two ways: replay attack and alteration. In a replay attack, a user captures a sequence of events and re-sends it. Alteration of a message involves some change to the original message.
3. Fabrication is an attempt to prevent authorized users from accessing some services, e.g. DoS.
2. Passive attacks:
1. Passive attacks are those where attackers aim to obtain information that is in transit.
2. In a passive attack, the attacker does not make any modification to the contents of the original message.
3. So passive attacks are hard to detect, although they can be prevented using encryption methods.
The passive attacks are further classified into two types:
(1) Release of message content: a confidential message should be accessed only by an authorized user; otherwise the message is released against our wishes.
(2) Traffic analysis: the attacker may try to find similarities between encoded messages to get clues about the communication.
3. Denial of Service (DoS) Attack:
Q. Explain DoS and DDoS with diagram.
1. A denial-of-service (DoS) attack is a type of cyber attack in which a malicious actor aims to render a computer or other device unavailable to its intended users by interrupting the device's normal functioning.
2. DoS attacks typically function by overwhelming or flooding a targeted machine with requests until normal traffic cannot be processed, resulting in denial of service to additional users.
3. A DoS attack is characterized by using a single computer to launch the attack.
wrong
1. Buffer overflow attacks: the most common DoS attack. The concept is to send more traffic to a network address than the programmers have built the system to handle.
2. Flood attacks: By saturating a targeted server with an overwhelming number of packets, a malicious actor is able to oversaturate server capacity, resulting in denial of service. For most DoS flood attacks to succeed, the malicious actor must have more available bandwidth than the target.
Q. Describe SYN flooding with diagram.
SYN flood attacks work by exploiting the handshake process of a TCP connection. Under normal conditions, a TCP connection goes through three distinct steps in order to establish a connection:
1. First, the client sends a SYN packet to the server in order to initiate the connection.
2. The server then responds to that initial packet with a SYN/ACK packet, in order to acknowledge the communication.
3. Finally, the client returns an ACK packet to acknowledge the receipt of the packet from the server.
After completing this sequence of packet sending and receiving, the TCP connection is open and able to send and receive data.
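What a SYN flood looks like from the server's side is the third step never arriving: the server has sent its SYN/ACK and is holding a half-open connection (state SYN_RECV on Linux) for every SYN it answered. The following is an added example, not code from the notes, showing how a defender can read that out of a connection table. It parses constructed lines in the shape of `netstat -tn` output, counts half-open connections per remote address and in total, and flags sources above a threshold; the sample lines, the threshold and the state name are assumptions for this example.

```python
"""Spotting a SYN flood from connection-table state (added example).

A server under SYN flood accumulates half-open connections: SYN received,
SYN/ACK sent, final ACK never arrives. This parser counts connections in the
SYN_RECV state per remote address and in total. The lines below imitate
`netstat -tn` output and are constructed for this example; the threshold
is an assumption.
"""
from collections import Counter

# Constructed sample: proto recv-q send-q local-address remote-address state.
SAMPLE_NETSTAT = """\
tcp   0   0 10.0.0.5:80   192.0.2.10:51234   ESTABLISHED
tcp   0   0 10.0.0.5:80   198.51.100.7:40001 SYN_RECV
tcp   0   0 10.0.0.5:80   198.51.100.7:40002 SYN_RECV
tcp   0   0 10.0.0.5:80   198.51.100.7:40003 SYN_RECV
tcp   0   0 10.0.0.5:80   198.51.100.7:40004 SYN_RECV
tcp   0   0 10.0.0.5:443  192.0.2.11:52000   ESTABLISHED
tcp   0   0 10.0.0.5:80   203.0.113.9:33000  SYN_RECV
tcp   0   0 10.0.0.5:80   192.0.2.10:51235   TIME_WAIT
"""

HALF_OPEN_STATE = "SYN_RECV"  # Linux name; other systems print SYN_RCVD


def parse_netstat(text):
    """Yield (remote_ip, state) for each TCP line; skip anything else."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "tcp":
            continue
        remote, state = fields[4], fields[5]
        # IPv4 "host:port": drop the port, keep the address.
        ip = remote.rsplit(":", 1)[0]
        yield ip, state


def half_open_by_source(text):
    """Count half-open connections per remote IP."""
    counts = Counter()
    for ip, state in parse_netstat(text):
        if state == HALF_OPEN_STATE:
            counts[ip] += 1
    return counts


def total_half_open(text):
    """Total half-open connections, the signal that survives source spoofing."""
    return sum(half_open_by_source(text).values())


def suspected_syn_flood_sources(text, threshold=3):
    """Remote IPs holding at least `threshold` half-open connections."""
    return sorted(ip for ip, n in half_open_by_source(text).items()
                  if n >= threshold)


if __name__ == "__main__":
    print("half-open total:", total_half_open(SAMPLE_NETSTAT))
    print("suspected sources:", suspected_syn_flood_sources(SAMPLE_NETSTAT))
```

The per-source view is only useful when the attacker uses real addresses. A flood that spoofs its source IPs (IP spoofing is covered later in these notes) spreads the half-open entries across many addresses that never cross the threshold, so the total count of half-open connections compared with the listen backlog is the more robust indicator.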
4. Distributed Denial of Service (DDoS):
Q. Explain DDoS with diagram.
An additional type of DoS attack is the Distributed Denial of Service (DDoS) attack. A DDoS attack occurs when multiple systems orchestrate a synchronized DoS attack on a single target. The essential difference is that instead of being attacked from one location, the target is attacked from many locations at once. The distribution of hosts that defines a DDoS gives the attacker multiple advantages. The goal of a DDoS attack is to deny access to a specific service or system.
5. Backdoors and Trapdoors attack:
Q. Explain backdoor and trapdoor attacks.
1. Backdoors:
• Backdoors are methods used by software developers to make sure that they can gain access to an application even if something happens in future to prevent the normal access methods.
• Authorized individuals can also install backdoors.
• NetBus and Back Orifice are common backdoors.
2. Trapdoors:
1. Trapdoors are bits of code embedded in a program to quickly gain access at a later time, i.e. during the testing phase.
2. If a corrupt programmer purposely leaves this code in, or simply forgets to remove it, a potential security hole is introduced.
3. Trapdoors can be almost impossible to remove in a reliable manner.
6. Sniffing and Spoofing Attacks
Q. Explain sniffing and spoofing attacks.
1. Sniffing:
1) Sniffing is done by an application that can capture network packets.
2) A sniffer is a software or hardware device that is used to observe traffic as it passes through a network on shared broadcast media.
3) The device can be used to view all traffic, or it can target a specific protocol, service, or even string of characters.
4) Some network sniffers are designed not just to observe all the traffic but also to modify it.
5) The objective of sniffing is to steal:
• Passwords
• Email text
• Files in transfer
2. Spoofing:
1) Spoofing is making data appear as if it has come from a different source. This is possible in TCP/IP because of the friendly assumptions behind the protocols.
2) The assumption at the time of protocol development was that an individual who has access to the network layer would be a privileged user who can be trusted.
3) When a packet is sent from one system to another, it includes the destination IP address and port as well as the source IP address. Spoofing this source address is one of several forms of spoofing.
Q. What are the different ways of spoofing?
1. Email spoofing:
• Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source.
• Email spoofing is a popular tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate or familiar source.
2. URL spoofing:
• A spoofed URL is a fraudulent link masked to appear as a legitimate source address, in order to steal your data.
• Occasionally, clicking on a spoofed URL once can cause malware damage to your device.
• Some scammers even go to great lengths to make a site look identical to the actual version. This trick gives the spoofed site a false legitimacy that prompts users to provide personal data that can then be used against them.
3. IP address spoofing:
• IP spoofing, or IP address spoofing, refers to the creation of Internet Protocol (IP) packets with a false source IP address to impersonate another computer system.
• IP spoofing allows cybercriminals to carry out malicious actions, often without detection.
• This might include stealing your data, infecting your device with malware, or crashing your server.
7. Man in the Middle Attack:
Q. Explain man-in-the-middle attack with diagram.
1. A man-in-the-middle attack generally occurs when attackers are able to place themselves between two other hosts that are communicating, in order to view or modify the packets.
2. This is done by making the hosts believe that all communication going to or from the target host is routed through the attacker's host.
3. The attacker is then able to observe all traffic before forwarding it, and can actually modify or block traffic.
4. To the target host, communication appears to be occurring normally, since all expected replies are received, routed through the attacker's host.
Q. Explain replay attack with diagram.
Replay:
1. In a replay attack, an attacker captures a sequence of events or some data units and resends them.
2. For example, suppose user A wants to transfer some amount to user C's bank account.
3. Both users A and C have accounts with bank B.
4. User A might send an electronic message to bank B requesting a fund transfer.
5. User C could capture this message and send a copy of it to bank B.
6. Bank B would have no idea that this is an unauthorized message and would treat it as a second, different fund transfer request from user A. So C would get the benefit of the fund transfer twice: once authorized and once through the replay attack.
Prevention
1. Preventing such an attack is all about having the right method of encryption. Encrypted messages carry "keys" within them, and when they are decoded at the end of the transmission, they open the message.
2. In a replay attack, it doesn't matter whether the attacker who intercepted the original message can read or decipher the key.
3. All he or she has to do is capture and resend the entire thing, message and key together.
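The bank-transfer scenario above, worked through as an added example that is not part of the notes. It models user A's request to bank B and user C resending a captured copy. The request carries an authentication tag (an HMAC over its fields, computed with a key shared by A and the bank, a constructed assumption), which is why C cannot alter the amount; and the bank records a fresh per-request nonce so that the byte-for-byte copy is refused even though its tag is perfectly valid. That nonce check is the piece the text's point 3 is getting at: the attacker never needs to read the key, so the defence has to make each message usable only once.

```python
"""Replay of a signed fund-transfer request, and a bank that rejects it
(added example, not from the notes).

User A sends bank B a transfer request authenticated with HMAC-SHA256 over
its fields. User C captures it and resends it. The bank verifies the tag
(so C cannot change the amount) and remembers every nonce it has already
honoured (so the identical copy is refused). Key, nonces and balances are
constructed for the example.
"""
import hashlib
import hmac
import secrets

# Secret shared between user A and bank B (constructed; in practice per-user).
SHARED_KEY = b"example-key-shared-by-A-and-bank-B"


def _canonical(sender, recipient, amount, nonce):
    """Fixed field order and separator so both sides tag the same bytes."""
    return f"{sender}|{recipient}|{amount}|{nonce}".encode()


def make_request(sender, recipient, amount, nonce, key=SHARED_KEY):
    """Build a transfer request with an HMAC-SHA256 tag over all fields."""
    tag = hmac.new(key, _canonical(sender, recipient, amount, nonce),
                   hashlib.sha256).hexdigest()
    return {"sender": sender, "recipient": recipient, "amount": amount,
            "nonce": nonce, "tag": tag}


class Bank:
    """Bank B: verify the tag first, then refuse any nonce seen before."""

    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.seen_nonces = set()
        self.balances = {"A": 1000, "C": 0}   # constructed opening balances

    def process(self, req):
        body = _canonical(req["sender"], req["recipient"],
                          req["amount"], req["nonce"])
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        # Constant-time comparison; a tampered field changes the tag.
        if not hmac.compare_digest(expected, req["tag"]):
            return "rejected: bad tag"
        # A valid tag is not enough: the same nonce must never be honoured twice.
        if req["nonce"] in self.seen_nonces:
            return "rejected: replay"
        self.seen_nonces.add(req["nonce"])
        self.balances[req["sender"]] -= req["amount"]
        self.balances[req["recipient"]] += req["amount"]
        return "accepted"


def scenario():
    """A's genuine transfer, C's replayed copy, and C's tampered copy."""
    bank = Bank()
    req = make_request("A", "C", 100, secrets.token_hex(8))
    first = bank.process(req)           # A's genuine request
    replay = bank.process(dict(req))    # C resends the captured copy verbatim
    tampered = dict(req, amount=900)    # C edits the amount but keeps the tag
    third = bank.process(tampered)
    return first, replay, third, bank.balances["A"], bank.balances["C"]


if __name__ == "__main__":
    print(scenario())
```

Running it yields one accepted transfer and two rejections, and A's balance drops by exactly one transfer. In a deployed system the set of seen nonces would be bounded by pairing each nonce with a timestamp or sequence number and discarding old entries; the single-use property is what stops the replay, not the secrecy of the key.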
TCP/IP Hijacking Attack:
• It is also called active sniffing.
• It is the process of taking control of an already existing session between a client and a server.
• It involves the attacker gaining access to a host in the network and logically disconnecting it from the network.
Operating System Security:
1. Operating systems are large and complex mixtures of interconnected software modules written by many separate individuals.
2. It is almost impossible for an operating system vendor to test their product on each possible platform under every possible situation, so functionality and security issues are discovered after the operating system is released.
3. For system administrators and users there is a constant stream of updates designed to correct the platform. Vendors typically follow a hierarchy for software updates, given below:
1. Hotfix:
• A hotfix is a term often used by a manufacturer or developer to describe a vital fix or correction in software.
• Hotfixes are typically developed in reaction to a discovered problem; they are usually urgent fixes designed to be implemented as quickly as possible.
2. Patch:
• The term is generally applied to a more formal, larger software update that may address several or many software problems.
• Patches often contain improvements or additional capabilities as well as fixes for known bugs. Patches are developed over a longer period of time.
3. Service pack:
This term is given to a large collection of patches and hotfixes that are rolled into a single, rather large package. Service packs are designed to bring a system up to the latest known good level all at once, rather than requiring the user or system administrator to download several updates separately.
Information Security:
1. Information: It is a resource fundamental to the success of any business.
2. Data: It is a collection of all types of information which can be stored and used as per requirement.
3. Knowledge: It is based on data that is organized, synthesized or summarized, and it is carried by experienced employees in the organization.
4. Action: It is used to pass the required information to a person who needs it, with the help of an information system.
Information Systems (IS)
An information system (IS) is a set of inter-related components that collect, process, store and distribute information to support decision-making and control in an organization. An IS may be automated or manual.
Q. State the need and importance of information.
1. Information is essential in an organization because damage to information/data can cause disruptions in the normal processes of the organization, such as financial loss.
2. Information is the most valuable resource of an organization, so its management is crucial to making good business decisions.
3. The main objective of an information system is to monitor and document the operations of other systems.
4. To satisfy the decision-making capability, the information system should support intensive and complex interaction between different units in the organization.
Information Classification:
• The main reason for classifying is that not all data/information has the same level of importance or the same level of relevance/criticality to an organization.
• Some data are more valuable to the people who make strategic decisions (senior management) because they aid them in making long-range or short-range business direction decisions.
• Some data, such as trade secrets, formulae (used by scientific and/or research organizations) and new product information (such as that used by the marketing staff and sales force), are so valuable that their loss could create a significant problem for the enterprise in the market.
• Thus it is obvious that information classification provides a higher, enterprise-level benefit.
• Classification of information is used to prevent unauthorized disclosure and the resultant failure of confidentiality.
Schemes for Information Classification:
1) Government/Military Organisations
2) Private Organizations
Q. Explain the criteria for information classification.
Levels in Government/Military Organizations for Information Classification:
1. Unclassified
Information that is neither sensitive nor classified. The public release of this information does not violate confidentiality.
2. Sensitive but Unclassified (SBU)
Information that has been designated as a minor secret but may not create serious damage if disclosed.
3. Confidential
The unauthorized disclosure of confidential information could cause some damage to the country's national security.
4. Secret
The unauthorized disclosure of this information could cause serious damage to the country's national security.
5. Top Secret
This is the highest level of information classification. Any unauthorized disclosure of top secret information will cause grave damage to the country's national security.
Organizations make data available to those concerned on a 'need-to-know' basis. For this reason, the following data/information classification is also prevalent in most private organizations:
1) Public:
Information that is similar to unclassified information. If it is disclosed, it is not expected to seriously impact the company.
2) Sensitive:
Information that requires a higher level of classification than normal data. This information is protected from a loss of confidentiality as well as from a loss of integrity owing to unauthorized alteration.
3) Private:
Typically this is information that is considered of a personal nature and is intended for company use only. Its disclosure could adversely affect the company or its employees; salary levels and medical information could be considered examples of 'private' information.
Q. State the criteria for information classification:
1. Value
It is the most commonly used criterion for classifying data in the private sector. If the information is valuable to an organization, it needs to be classified.
2. Age
The classification of the information may be lowered if the information's value decreases over time.
3. Useful Life
If the information has been made obsolete by new information, important changes to its classification can often be considered.
4. Personal Association
If the information is personally associated with a specific individual or is addressed by a privacy law, then it may need to be classified.
Security
Security is the method which makes the accessibility of information or a system more reliable. Security means protecting information or a system from unauthorized users like attackers, who harm the system or network intentionally or unintentionally. Security is not only about protecting information or a network, but also about allowing authorized users to access the system or network.
Need of Security:
1. Security protects the functionality of an organization.
The General Manager and IT Manager are responsible for implementing information security that protects the functionality of the organization. Implementing information security has more to do with management than technology. For example, managing payroll has more to do with management than with calculating wages and other things.
2. Enabling the safe operation of applications.
Today's organizations operate on integrated, efficient and capable applications. A modern organization needs to create an environment that safeguards these applications, especially the operating system platform, email, instant messaging applications etc.
3. Protecting data that the organization uses and collects.
Without data an organization loses its records of transactions and its ability to deliver value to its customers. Protecting data in motion and at rest are both critical aspects of information security. The value of data motivates attackers to steal and corrupt it.
4. Safeguarding technology assets in the organization.
To perform effectively, organizations must employ secure infrastructure services appropriate to the size and scope of the organization. For example, a small business uses an email service and secures it with a personal encryption tool. When an organization grows, it must develop additional security services that use a system of software, encryption methodology and legal agreements that support the entire information infrastructure.
Basic principles of Information Security
Q. Draw and explain the CIA triad.
Q. Explain the CIA security model.
Q. Explain the three pillars of information security with diagram.
