Banking Computers Science Computer Security Computer & Network Security

Computer & Network Security

 

Computer security (also known as cyber security or IT security) is information security as applied to computing devices such as computers and smart phones, as well as computer networks such as private and public networks, including the whole Internet.

Traditionally, computer facilities have been physically protected for three reasons:

• To prevent theft of or damage to the hardware
• To prevent theft of or damage to the information
• To prevent disruption of service

 

1. Confidentiality: Confidentiality is the concealment of information or resources. The need for keeping information secret arises from the use of computers in sensitive fields such as government and industry.

For example, military and civilian institutions in the government often restrict access to information to those who need that information. The first formal work in computer security was motivated by the military's attempt to implement controls to enforce a "need to know" principle. This principle also applies to industrial firms, which keep their proprietary designs secure lest their competitors try to steal the designs. As a further example, all types of institutions keep personnel records secret.

 

2. Integrity: Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change. Integrity includes data integrity (the content of the information) and origin integrity (the source of the data, often called authentication). The source of the information may bear on its accuracy and credibility and on the trust that people place in the information. This dichotomy illustrates the principle that the aspect of integrity known as credibility is central to the proper functioning of a system.

 

3. Availability: Availability refers to the ability to use the information or resource desired. Availability is an important aspect of reliability as well as of system design because an unavailable system is at least as bad as no system at all. The aspect of availability that is relevant to security is that someone may deliberately arrange to deny access to data or to a service by making it unavailable.

 

4. Access Control System: Any system designed to prevent and restrict access to users. For example, a primary form of access control is only allowing users who have accounts to login to a system or only allowing the user access to files he or she should be able to see. .

 

TOP SOME SOURCES OF COMPUTER VIRUS ATTACK

The most potent and vulnerable threat of computer users is virus attacks. Virus attacks hampers important work involved with data and documents. It is imperative for every computer user to be aware about the software and programs that can help to protect the personal computers from attacks. One must take every possible measure in order to keep the computer systems free from virus attacks. The top sources of virus attacks are highlighted below:

1. Downloadable Programs: Downloadable files are one of the best possible sources of virus. Any type of executable program including games, freeware, screen saver as well as executable files are one of the major sources of computer virus attacks; Executable files having an extension of ".corn", ".exe" and "coolgame.exe" contain virus sources too. If in the case a user want to download programs from the internet then it is necessary to scan every program before downloading them.

 

2. Illegal Software: Most people who download cracked and illegal versions of software online are unaware about the reality that they may contain virus sources as well. Such illegal files contain viruses and bugs that are difficult to detect as well as to remove. Hence, it is always a preferable option to download software from the appropriate source.

 

3. Email Attachments: Email attachments are one of the other popular sources of computer virus attacks. Hence, a user must handle email attachments with extreme care, especially if the email comes from an unknown sender. Installation of a good antivirus assumes prime necessity if one desires to eliminate the possibility of virus attacks.

 

4. Using Internet: Using internet is one of the common sources of virus infection. Majority of all computer users are unaware as when viruses attack computer systems. Almost every computer user click/download everything that comes their way and hence unknowingly invites the possibility of virus attacks.

 

5. Booting from Unknown CD: Most computer users believe that one of the most common ways of virus infection is through Data CD. It is a good practice to remove the CD when the computer system is not working. If you do not remove the CD after switching off the computer system then it is every possibility that the computer system may start to boot automatically from the disc.

 

6. Using Pendrive/USB Flash drive: Using pen drive/USB flash drive is another source of virus attacks. It is a good practice to scan the pendrive when it is connected to computer.

 

7. Not running the latest updates: Many of the updates, especially those associated with Microsoft Windows and other operating systems and programs, are security updates. Running a program or operating system that is not up-to-date with the latest updates can be a big security risk and can be a way your computer becomes infected.

 

TYPES OF ATTACK IN NETWORK SECURITY

 

 

In Network Security, attack is typically divided into two parts.

1. Passive Attack: A passive attack monitors unencrypted traffic and looks for clear-text passwords and sensitive information that can be used in other types of attacks. Passive attacks include traffic analysis, monitoring of unprotected communications, decrypting weakly encrypted traffic, and capturing authentication information such as passwords. Passive attacks result in the disclosure of information or data files to an attacker without the consent or knowledge of the user.

 

2. Active Attack: In an active attack, the attacker tries to bypass or break into secured systems. This can be done through stealth, viruses, worms, or Trojan horses. Active attacks include attempts to circumvent or break protection features, to introduce malicious code, and to steal or modify information. These attacks are mounted against a network backbone, exploit information in transit, electronically penetrate an enclave, or attack an authorized remote user during an attempt to connect to an enclave. Active attacks result in the disclosure or dissemination of data files, DoS, or modification of data.

 

Passive attack further divides into two parts:-

 

1. Eaves-dropping: Eavesdropping is the unauthorized real-time interception of a private communication, such as a phone call, instant message, video conference or fax transmission. The term eavesdrop derives from the practice of actually standing under the eaves of a house, listening to conversations inside.
2. Traffic analysis: Traffic analysis is a special type of inference attack technique that looks at communication patterns between entities in a system. "Traffic analysis" is the process of intercepting and examining messages in order to deduce information from patterns in communication.

Active attack further divides into four parts:

1. Masquerade attack: A masquerade attack is an attack that uses a fake identity, such as a network identity, to gain unauthorized access to personal computer information through legitimate access identification.
2. Replay attack: A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.
3. Message modification attack:

In a message modification attack, an intruder alters packet header addresses to direct a message to a different destination or modify that data on a target machine.

4. Denial-of-service attack: A denial-of-service (DoS) is any type of attack where the attackers (hackers) attempt to prevent legitimate users from accessing the service. In a DoS attack, the attacker usually sends excessive messages asking the network or server to authenticate requests that have invalid return addresses.

 

TOP ATTACKS IN NETWORK SECURITY

There are some important network security Attacks are:

1. Distributed Attack: A distributed attack requires that the adversary introduce code, such as a Trojan horse or back-door program, to a "trusted" component or software that will later be distributed to many other companies and users Distribution attacks focus on the malicious modification of hardware or software at the factory or during distribution. These attacks introduce malicious code such as a back door to a product to gain unauthorized access to information or to a system function at a later date.
2. Phishing Attack: In phishing attack the hacker creates a fake web site that looks exactly like a popular site such as the SBI bank or paypal. The phishing part of the attack is that the hacker then sends an e-mail message trying to trick the user into clicking a link that leads to the fake site. When the user attempts to log on with their account information, the hacker records the username and password and then tries that information on the real site.
3. Hijack attack: In a hijack attack, a hacker takes over a session between you and another individual and disconnects the other individual from the communication. You still believe that you are talking to the original party and may send private information to the hacker by accident.
4. Spoof attack: Spoof attack In a spoof attack, the hacker modifies the source address of the packets he or she is sending so that they appear to be coming from someone else. This may be an attempt to bypass your firewall rules.
5. Password attack: An attacker tries to crack the passwords stored in a network account database or a password-protected file. There are three major types of password attacks: a dictionary attack, a brute-force attack, and a hybrid attack. A dictionary attack uses a word list file, which is a list of potential passwords. A brute-force attack is when the attacker tries every possible combination of characters.

 

MALWARE

Malware, also known as malicious software, is a software that is used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of executable code, scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software. The term badware is sometimes used, and applied to both true (malicious) malware and unintentionally harmful software. Some malwares are:

• Computer Viruses

A computer virus or worm is program that replicates itself on its own by by inserting copies of itself into other programs or documents. It can spread by email also. These viruses or worms are malicious programs that are designed to infect and gain control over a computer without the owner's knowledge.

 

• Viruses and spam

Virus-makers and spammers create viruses that infect most of the computers across the globe. These computers become spam-generating machines and cooperate in various manners to send as much spam as possible as efficiently as possible. The infected computers then send massive amounts of spam, unbeknownst to the computer owner.

 

TYEPS OF VIRUS

There are various types of computer viruses, classified in terms of techniques, origin, the types of files affected, damage, OS or Platform attacked, as well as the places they hide. Some of the common types include the following:

• Resident viruses: These are permanent viruses dwelling in RAM memory. In this case, they would be in a position to overcome, as well as interrupt, all operations that the system executes. Their effects include corrupting programs and files that are closed, opened, renamed or copied.
• Overwrite viruses: These viruses delete information that is in the infected files. In this case, the infected files would be rendered totally or partially useless. Unfortunately, you would only clean the infected file by deleting it completely, therefore losing original content.
• Direct action viruses: This virus replicates itself, then acts when executed. Subject to satisfaction of particular conditions, the virus infects files located in the folders or computer directory. It is also in directories specified in the AUTOEXEC.BAT PATH. In most cases, it is located in hard drive's root directory and takes particular action when the computer boots.
  • File infectors: This virus infects executable files or programs. On running the programs, the virus would be activated, then be able to carry out its damaging effects. Most of the existing viruses are in this category.
  • Boot viruses: This virus infects the hard disk's or floppy drive's boot sector. This would make the computer unable to boot. These viruses can, however, be avoided by ensuring that the floppy disks and hard drive is well protected. Never start the computer using an unknown disk drive or floppy disk.
• Directory viruses: This virus alters the paths indicating a file's location. In this case, when the infected program is executed, you will be running the program unknowingly, since the virus has moved the original program and file to another location. This therefore makes it impossible to locate the moved files.
• Macro virus: This virus affects files created using particular programs or applications containing macros. The mini-programs increase their ability to automate some operations, in which case they would be performed as single actions. The user would therefore be saved the trouble of executing them singularly.

 

ACTION OF A VIRUS

Different computer viruses create different problems in different ways. The most common problems are:

• A virus may destroy all data stored in the hard disk by either formatting it without warning or by destroying some of its sectors.
• A virus may change the boot sector of the hard disk. If the boot sector of a disk is affected, it cannot boot the computer.                                
• The computer viruses are automatically loaded into the main memory of the computer and remain in the memory. This slows down the data accessing speed of the computer.
• A virus can destroy BIOS of the computer.

 

COMPUTER WORMS

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program.

 

TROJAN

Trojans are malicious programs that perform actions that have not been authorized by the user. These actions can include:

• Deleting data
  • Blocking data
  • Modifying data
  • Copying data

Disrupting the performance of computers or computer networks Unlike computer viruses and worms, Trojans are not able to self-replicate.

 

SPYWARE

Spyware is software that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.

 

SOME IMPORTANT TERMS RELATED TO SECURITY

Spoofing: It is a situation in which a program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage. IP address spoofing or IP spoofing is the creation of Internet protocol (IP) packets with a source IP address, with the purpose of concealing the identity of the sender or impersonating another computing system.

 

Hacking: Hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of the creator’s original purpose. The person who is consistently engaging in hacking activities, and has accepted hacking as a lifestyle and philosophy of their choice, is called a hacker. Computer hacking is the most popular from of hacking nowadays, especially in the field of computer security. But hacking exits in many other forms, such as phone hacking, etc. and it’s not limited to either of them.

 

Cracking: The original difference between cracking and hacking is that hacking were those who attacked/penetrated security systems of networks while crackers were those that attacked/penetrated security systems of software. Crackers, cracked software (not networks system) such that they could be pirated. Crackers are the profit side of the coin. Their motivation is financial gain and/or cause damage. Crackers tend to be working for organized crime, services for hire, US, Chinese, Russian government employees, competitors commiting corporate espionage etc.

 

Phishing: It is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

 

Spam: Spam is most often considered to be electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited email. However, if a long-lost brother finds your email address and sends you a message, this could hardly be called spam, even though it is unsolicited

 

Adware: Adware is the common name used to describe software that is given to the user with advertisements embedded in the application. Adware is considered a legitimate alternative offered to consumers who do not wish to pay for software. There are many ad-supported programs, games or utilities that are distributed as adware (or freeware). Today we have a growing number of software developers who offer their goods as “sponsored” freeware (adware) until you pay to register. If you’re using legitimate adware, when you stop running the software, the ads should disappear, and you always have the option of disabling the ads by purchasing a registration key.

 

Rootkits: A rootkit is a type of malicious software that is activated each time your system boots up. Rootkits are difficult to detect because they are activated before your system’s Operating System has completely booted up. A rootkit often allows the installation of hidden files, Processes, hidden user accounts, and more in the system OS. Rootkits are able to intercept data from terminals, connections, and the keyboard.

 

SOLUTIONS TO COMPUTER SECURITY THREATS

Some safeguards or solutions to protect a computer system from accidental access are described below:

1. Install Anti-Virus Software

Ensure that reputable anti-virus software is installed on all computers. This should include all servers, PCs and laptops. If employees use computers at home for business use or to remotely access the network, these PCs should also have anti-virus software installed. Everyday new computer viruses are being released and it is essential that businesses are protected from these viruses by keeping the anti-virus software up to date. If possible, companies should look at policies whereby computers that do not have the most up to date anti-virus software installed are not allowed to connect to the network.

 

2. Employ a firewall to protect networks

As computer viruses can spread by means other than email, it is important that unwanted traffic is blocked from entering the network by using a firewall. For users that use computers for business away from the protection of the company's network, such as home PCs or laptops, a personal firewall should be installed to ensure the computer is protected.

 

Firewall

A method for keeping a network secure. It can be implemented in a single router that filters out unwanted packets, or it may use a combination of technologies in routers and hosts. Firewalls are widely used to give user access to the Internet in a secure fashion as well as to separate a company’s public Web server from its internal network. They are also used to keep internal network segments secure. For example, a research or accounting subnet might be vulnerable to provide firewall protection.

 

3. Filter all email traffic

All incoming and outgoing email should be filtered for computer viruses. This filter should ideally be at the perimeter of the network to prevent computer viruses. E-mails with certain file attachments commonly used by computer viruses to spread themselves, such as .EXE, .COM and .SCR files, should also be prevented from entering the network.

 

4. Scan internet Downloads

Ensure that all files downloaded from the Internet are scanned for computer viruses before being used. Ideally this scanning should be done from one central point on the network to ensure that all files are properly scanned.

 

5. Implement a vulnerability management program

Most computer viruses and worms try to exploit bugs and vulnerabilities within the operating system and applications that companies use. New vulnerabilities are introduced into networks every day, be that from installing new software and services, making changes to existing systems or simply from previously undiscovered vulnerabilities coming to light. It is important to regularly review your network and the applications running on it for new vulnerabilities. Any discovered vulnerabilities should be rated and prioritised regarding their criticality and the potential business impact they could have. Once this has been done, a plan on how to manage those vulnerabilities, either by patching, upgrading, or managing the vulnerability using tools such as firewalls or Intrusion Detection Systems should be put into place.

 

6. Develop an Information Security Policy

The creation and publication of an Information Security Policy is key to ensuring that information security receives the profile it requires in the organisation and is the first critical step in securing the company's systems and data. It is important that senior management support the Information Security Policy and that all users are made aware of their roles and responsibilities under this policy.

 

7. Password

A password is an unspaced sequence of characters used to determine that a computer user requesting access to a computer system is really that particular user.

Strong password: Term used to describe a password that is an effective password that would be difficult. to break. Often a strong password has between six and ten characters (the more the better), numbers, other characters, and both upper and lowercase characters. Below is an example of a strong password.

Weak password: A password that is not an effective password because it's easy to remember. Names, birth dates, phone numbers, and easily guessable words are considered weak passwords. Below is an example of a weak password.

 

8. Certificate

Many websites use certificates or digital certificates to define their security and identity, so that computers visiting the sites know the sites are legitimate and feature proper security. These certificates must be obtained and from the proper organizations, as well as registered with them. They also expire and must be renewed to remain valid. A web browser may deny access to a website or at least warn the user when a website's certificate has expired and the identity or security of the site cannot be verified.

 

9. Digital Signature

Alternatively referred to as digitally signed, a digital signature is a mathematical scheme used to verify the authenticity of a digital document or message. They are used when determining authenticity and avoiding tampering are important, such as in financial transactions.

Digital signatures are often used as a means to implement electronic signatures that are encrypted which allows for both authentication and non-repudiation (the signer cannot deny signing a document while claiming his/her private key has not been compromised).

 

 

FILE AND FOLDER PERMISSIONS

Most current file systems have methods of assigning permission or access rights to specific users and group of users.

 

Permission	Meaning for Folders	Meaning for Files
Read	Permits viewing and listing of files and subfolders	Permits viewing or accessing of the file's contents
Write	Permits adding of files and subfolders	Permits writing to a file
Read & Execute	Permits viewing and listing of files and subfolders as well as executing of files; inherited by files and folders	Permits viewing and accessing of the file's contents as well as executing of the file
Modify	Permits reading and writing of files and subfolders; allows deletion of the folder	Permits reading and writing of the file; allows deletion of the file
Full Control	Permits reading, writing, changing, and deleting of files and subfolders	Permits reading, writing, changing and deleting of the file

 

SECURE SOKET LAYER

The Secure Sockets Layer (SSL) is a computer networking protocol that manages server authentication, client authentication and encrypted communication between server and client.

 

TRANSPORT LAYER SWCURITY

Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet.

 

IP SECURITY PROTOCOL

IPsec (Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication.

IP-sec is said to be especially useful for implementing virtual private networks and for remote user accessthrough dial-up connection to private networks.

IP-security protocol provides two choices of security service:

(i) Authentication Header (AH), which essentially allows authentication of the sender of data.

(ii) Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of data as well. Earlier security approaches have inserted security at the Application layer of the communications model.

A big advantage of IP-sec is that security arrangements can be handled without requiring changes to individual user computers. Cisco has been a leader in proposing IP-sec as a standard (or combination of standards and technologies) and has included support for it in its network routers.