Chapter 1: An Introduction To Computer Security
TOPICS
• Introduction
• Threats to Computer Systems
• Threats, Vulnerabilities and Attacks
• Characteristics of Computer Intrusion
• Type of Threats
• Points of Security Vulnerabilities
• Methods of Defense
• Categories of Computer Attacks
• Using an Attack Taxonomy
• Consideration in Selecting an Attack Taxonomy
• Simple Attack Taxonomy
• Risk Based Attack Taxonomy
• Examples of Common Attack Methods
• Attack Prevention Methods
• Summary
Introduction
• Computer security protects the computer and everything associated with it: the building, terminals, printers, cabling, disks and tapes.
• Most importantly, computer security protects the information stored in a system. Hence it is often known as information security.
Threats to Computer Systems
• Threats
• Vulnerabilities
• Attacks
Threats
• A threat is defined as any potential occurrence, whether malicious or simply a possible danger, that can affect the assets and resources associated with a computer system.
• Examples:
  • A person: a system cracker or a spy.
  • A thing: faulty equipment.
  • An event: a fire or a flood.
Vulnerabilities
• A vulnerability is a point where a system is susceptible to attack. In other words, the presence of vulnerabilities allows bad things to happen on a computer system.
• Examples:
  • Physical: buildings and computer rooms are vulnerable.
  • Natural: computers are very vulnerable to natural disasters such as fire, flood etc.
  • Human: the people who administer and use computer systems represent the greatest vulnerability of all.
Attack
• An attack on a computer system is some action taken by a malicious intruder that involves the exploitation of certain vulnerabilities to cause an existing threat to occur.
Characteristics of Computer Intrusion
• The targets of computer crime include hardware, software, media, data and people.
• In any system, the weakest point is the most serious vulnerability.
Types of Threats
• Confidentiality threat:
  • To protect information from unauthorised disclosure.
  • Also known as secrecy or privacy.
• Integrity threat:
  • To ensure that information is accurate, complete and authentic.
  • Accuracy is more important than confidentiality of information.
• Availability threat:
  • To ensure that the computer systems work efficiently.
  • Able to recover quickly and completely if a disaster occurs.
  • Opposite of availability is denial of service.
Points of Security Vulnerabilities
• Attacks on hardware:
  • Computer hardware is highly visible and hence easy to attack.
  • Includes power supply surges, unstable power supply etc.
• Attacks on software:
  • Software can be destroyed maliciously or modified, deleted or misplaced.
  • Examples include time bombs, Trojan horses, computer bugs etc.
• Attacks on data:
  • Data is available in many forms, such as electronic, printout and media.
  • It can be destroyed, changed, modified or deleted very easily.
Categories of Computer Attacks
• Attack taxonomy:
  • Defined as any generalised categorisation of potential attacks that might occur on a given computer system.
  • Classes of system like real-time systems, databases and local area networks.
• Considerations in selecting an attack taxonomy:
  • Completeness
  • Appropriateness
  • Internal and external threats
Risk Based Attack Taxonomy
• External information theft
• External abuse of resources
• Masquerading
• Pest programs
• Bypassing of internal controls
Risk Based Attack Taxonomy
• External information theft:
  • Involves unauthorised access to information without exploiting any mechanisms.
  • Abuse of mechanisms without direct access to the system.
  • Associated with the disclosure threat.
  • Example: an individual glancing at a colleague's terminal screen.
• External abuse of resources:
  • Involves physical destruction of computer system hardware.
  • Associated with the integrity threat.
  • Example: direct vandalism.
Risk Based Attack Taxonomy
• External masquerading:
  • Involves a malicious intruder successfully impersonating another user.
  • Associated with disclosure, integrity or denial of service threats.
  • Example: an intruder tapping into a communication medium.
• Pest program:
  • Programs that cause subsequent harm to the computer system; can be viewed as a time bomb.
  • Requires mechanisms internal to the computer system; associated with the integrity threat.
  • Example: Trojan horse and computer virus attacks.
Risk Based Attack Taxonomy
• Bypassing of internal controls:
  • Involves the explicit avoidance of authorisation, access and authority controls.
  • Associated with disclosure, integrity or denial of service threats.
  • Example: cracking techniques that subvert protective approaches.
Examples of Common Attack Methods
• Password spoof program
• Password theft by clever reasoning
• Logic bomb mail
• Schedule file removal
• Field separator attack
• Insertion of compiler Trojan horse
Examples of Common Attack Methods
• Password spoof program:
  • A Trojan horse program is used to fake the normal login sequence.
  • Involves spoofing a user for login and password information.
• Password theft by clever reasoning:
  • Users typically create passwords that are mnemonic.
  • Hackers gain access by guessing the passwords of individuals.
  • Attackers obtain a copy of the password file and the encryption function.
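Because mnemonic passwords are usually built from facts about the user, a password-change routine can reject them before an attacker gets the chance to guess them. The following check is an added example, not part of the original slides; the account field names, the substitution table and the 12-character minimum are assumptions made for the illustration.

```python
import re

# Constructed sample account record; the field names are assumptions for this example.
SAMPLE_ACCOUNT = {"username": "jsmith", "full_name": "John Smith", "phone": "555-0142"}

# Substitutions users commonly apply to disguise a memorable word (assumed table).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

def account_tokens(account):
    """Map each guessable token (login, name part, digit run) to its source field."""
    tokens = {}
    for field, value in account.items():
        for part in re.findall(r"[a-z]+|\d+", value.lower()):
            if len(part) >= 3:          # shorter fragments match too much by chance
                tokens.setdefault(part, field)
    return tokens

def guessable_reason(password, account):
    """Return why the password is guessable from account data, or None if it is not."""
    raw = password.lower()
    unleeted = raw.translate(LEET)      # "sm1th" -> "smith"
    for token, field in account_tokens(account).items():
        for form, how in ((token, "contains"), (token[::-1], "contains reversed")):
            if form in raw or form in unleeted:
                return f"{how} {field} token '{token}'"
    return None

def accept_password(password, account, min_length=12):
    """Policy gate for a password-change routine: returns (accepted, reason)."""
    if len(password) < min_length:      # assumed minimum length for this example
        return False, f"shorter than {min_length} characters"
    reason = guessable_reason(password, account)
    if reason:
        return False, reason
    return True, "ok"

if __name__ == "__main__":
    for candidate in ["Sm1th2024!", "htimsj99", "correct-horse-battery"]:
        print(candidate, accept_password(candidate, SAMPLE_ACCOUNT))
```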
Examples of Common Attack Methods
• Logic bomb mail:
  • Programs that remain dormant until some predetermined logical condition on the target system becomes true.
  • May cause harm after the malicious intruder has escaped.
  • The login spoof might be viewed as a logic bomb.
• Schedule file removal:
  • A useful file offered on many types of operating systems.
  • Used to schedule programs to be run at a predetermined time.
  • The command can be combined with attack programs.
Examples of Common Attack Methods
• Field separator attack:
  • This attack relies on several technical assumptions underlying the operating system.
  • The field separator can be redefined to include various characters.
  • Also relies on the existence of a system program invoked by a normal user.
• Insertion of compiler Trojan horse:
  • Programs used by many different users are attractive targets for Trojan horses because of the potential for widespread damage.
  • Hence, compilers are attractive targets for Trojan horse insertion.
Attack Prevention Methods
• Individual screening
• Physical security
• Care in operations
Attack Prevention Methods
• Individual screening:
  • Involves checking the background, credentials and other personal attributes of individuals.
  • Used to establish trust that a user will not spoof other users or create a compiler Trojan horse.
• Physical security:
  • This method involves securing the computer system facility.
  • Computer centres that are guarded, locked and monitored demonstrate this type of security control.
  • The advantage is that external hardware damage is effectively controlled.
  • The disadvantage is that it may not be useful for remote access.
Attack Prevention Methods
• Care in operations:
  • Involves individuals being careful in their day-to-day activities to avoid common types of attacks.
  • Users can often avoid password spoof attacks by clearing the terminal before logging into the system.
  • Similarly, compiler attacks can be avoided by simple access and configuration controls.