Unit 1

The Importance of Computer Security

Computer security is the process of preventing and detecting unauthorized use of
your computer. Prevention measures help you stop unauthorized users (hackers)
from accessing any part of your computer system. Detection helps you to
determine whether or not someone attempted to break into your system, if they
were successful, and what they may have done.

Too often, computer and network security is not thought about until a problem
arises. At this point, a breach in security can cause huge and potentially harmful
problems to your business and/or your customers. By setting up a security plan and
an emergency action plan, you can know that the information held in your
computers and networks is safe and secure.

The first step is to protect from potential outside problems. Cyber criminals,
hackers, and identity thieves present real and dangerous threats to any online
system. Your IT solution should always have adequate firewalls, antivirus
software, virtual private networks, and intrusion prevention. You want to make
sure that all your security components are communicating with each other, making
you aware of any potential gaps or breaches in your security systems. You also
want to make sure that all your employees are aware of the dangers of opening
attachments or web links that are sent by unknown parties. These emails can be a
dangerous activity known as “phishing,” with hackers trying to access or steal
passwords and other private information.

The second level of security is inner security. Depending on the type of business
you run, it can be helpful to set up different levels of access throughout your
computer systems. These access levels ensure that important or sensitive
information is only available to those who have the right level of clearance. Make
sure that your employees know how to pick strong passwords, which will help
keep their individual accounts secure.

Despite your precautions, it is always possible that your system will be breached.
This is why it is important to have an emergency action plan, a plan that is devised
to shut down and protect your system in case of an attack or breach. Make sure that
all pertinent personnel are aware of the plan in case you need to implement it. This
plan will help contain any damage or unintended sharing of private information,
allowing you to keep control of the situation.

CONCEPT OF ETHICAL HACKING

Ethical hacking, also known as penetration testing, intrusion testing, or red

teaming, is the controversial act of locating weaknesses and vulnerabilities of
computer and information systems by duplicating the intent and actions of
malicious hackers.

What constitutes ethical hacking?

For hacking to be deemed ethical, the hacker must obey the following rules:
1. Expressed (often written) permission to probe the network and attempt to
identify potential security risks.
2. You respect the individual's or company's privacy.
3. You close out your work, not leaving anything open for you or someone
else to exploit at a later time.
4. You let the software developer or hardware manufacturer know of any
security vulnerabilities you locate in their software or hardware, if not
already known by the company.

Ethical Hacker
Ethical hacking definition

An ethical hacker (also known as a white hat hacker) is the ultimate security professional. Ethical hackers
know how to find and exploit vulnerabilities and weaknesses in various systems—just like a malicious
hacker (or a black hat hacker). In fact, they both use the same skills; however, an ethical hacker uses those
skills in a legitimate, lawful manner to try to find vulnerabilities and fix them before the bad guys can get
there and try to break in.

An ethical hacker’s role is similar to that of a penetration tester, but it involves broader duties. They break
into systems legally and ethically. This is the primary difference between ethical hackers and real
hackers—the legality.

An ethical hacker looks to answer the following four basic questions:

 1. What information/locations/systems can an attacker gain access?
2. What can an attacker see on the target?
3. What can an attacker do with available information?
4. Does anyone at the target system notice the attempts?

Who is a Hacker? Types of Hackers

A Hacker is a person who finds and exploits the weakness in computer systems
and/or networks to gain access. Hackers are usually skilled computer programmers
with knowledge of computer security.

Hackers are classified according to the intent of their actions. The following list
classifies hackers according to their intent.

TYPES OF HACKERS

1. Ethical Hacker (White hat): A hacker who gains access to systems with a view to
fix the identified weaknesses. They may also perform penetration Testing and
vulnerability assessments.

2. Cracker (Black hat): A hacker who gains unauthorized access to computer systems
for personal gain. The intent is usually to steal corporate data, violate privacy rights,
transfer funds from bank accounts etc.

3. Grey hat: A hacker who is in between ethical and black hat hackers. He/she breaks
into computer systems without authority with a view to identify weaknesses and
reveal them to the system owner.

4. Script kiddies: A non-skilled person who gains access to computer systems using
already made tools.

ESSENTIAL TERMINOLOGIES

Threat: An action or event that might compromise security.

A threat is apotential violation of security. The following are the threats:
1 Viruses
Malicious computer programs that are often sent as an email attachment or a
download with the intent of infecting your computer, as well as the computers of
everyone in your contact list. Just visiting a site can start an automatic download of
a virus.

What they can do:

 Send spam.
 Provide criminals with access to your computer and contact lists.
 Scan and find personal information like passwords on your computer.
 Hijack your web browser.
 Disable your security settings.
 Display unwanted ads.

When a program is running, the virus attached to it could infiltrate your hard drive
and also spread to USB keys and external hard drives. Any attachment you create
using this program and send to someone else could also infect them with the virus.

How will you know if your computer is infected?

Here are a few things to check for:

 It takes longer than usual for your computer to start up, it restarts on its own
or doesn't start up at all.
 It takes a long time to launch a program.
 Files and data have disappeared.
 Your system and programs crash constantly.
 The homepage you set on your web browser is different (note that this could
be caused by Adware that has been installed on your computer).
 Web pages are slow to load.
 Your computer screen looks distorted.
 Programs are running without your control.

2 Worms
A worm, unlike a virus, goes to work on its own without attaching itself to files or
programs. It lives in your computer memory, doesn't damage or alter the hard drive
and propagates by sending itself to other computers in a network – whether within
a company or the Internet itself.

What they can do:

 Spread to everyone in your contact list.

 Cause a tremendous amount of damage by shutting down parts of the
Internet, wreaking havoc on an internal network and costing companies
enormous amounts of lost revenue.

3. Trojan Horses
A malicious program that is disguised as, or embedded within, legitimate software.
It is an executable file that will install itself and run automatically once it's
downloaded.

What it can do:

 Delete your files.

 Use your computer to hack other computers.
 Watch you through your web cam.
 Log your keystrokes (such as a credit card number you entered in an online
purchase).
 Record usernames, passwords and other personal information.

4. Malware
Malicious software that infects your computer, such as computer viruses, worms,
Trojan horses, spyware, and adware.

What it can do:

 Intimidate you with scareware, which is usually a pop-up message that tells
you your computer has a security problem or other false information.
 Reformat the hard drive of your computer causing you to lose all your
information.
 Alter or delete files.
 Steal sensitive information.
 Send emails on your behalf.
  Take control of your computer and all the software running on it.

Vulnerability: Existence of a weakness, design, or implementation error that can

lead to an unexpected and undesirable event comprmising the security of the
system.

Vulnerabilities

How they attack: Vulnerabilities are flaws in computer software that create
weaknesses in your computer or network’s overall security. Vulnerabilities can
also be created by improper computer or security configurations. Threats exploit
the weaknesses of vulnerabilities, resulting in potential damage to the computer or
its data.

 How do you know? Companies announce vulnerabilities as they are

discovered and quickly work to fix them with software and security
"patches."

What to Do

 Keep software and security patches up to date.

 Configure security settings for your operating system, Internet browser and
security software.
 Companies should develop personal security policies for online behavior,
and individuals should be sure to adopt their own policies to promote online
safety.
 Install a proactive security solution like Norton Internet Security to block
threats targeting vulnerabilities.

Target of Evaluation: An IT system, product, or component that is

identified/subjected to require security evaluation.

Attack: An assault on the system security that is derived from an intelligent threat.
An attack is any action that violates security.
Common Types of Network
Attacks
Without security measures and controls in place, your data might be subjected to an
attack. Some attacks are passive, meaning information is monitored; others are active,
meaning the information is altered with intent to corrupt or destroy the data or the
network itself.
Your networks and data are vulnerable to any of the following types of attacks if you do
not have a security plan in place.
Eavesdropping
In general, the majority of network communications occur in an unsecured or "cleartext"
format, which allows an attacker who has gained access to data paths in your network to
"listen in" or interpret (read) the traffic. When an attacker is eavesdropping on your
communications, it is referred to as sniffing or snooping. The ability of an eavesdropper
to monitor the network is generally the biggest security problem that administrators
face in an enterprise. Without strong encryption services that are based on
cryptography, your data can be read by others as it traverses the network.
Top Of Page

Data Modification
After an attacker has read your data, the next logical step is to alter it. An attacker can
modify the data in the packet without the knowledge of the sender or receiver. Even if
you do not require confidentiality for all communications, you do not want any of your
messages to be modified in transit. For example, if you are exchanging purchase
requisitions, you do not want the items, amounts, or billing information to be modified.
Top Of Page

Identity Spoofing (IP Address Spoofing)

Most networks and operating systems use the IP address of a computer to identify a
valid entity. In certain cases, it is possible for an IP address to be falsely assumed—
identity spoofing. An attacker might also use special programs to construct IP packets
that appear to originate from valid addresses inside the corporate intranet.
After gaining access to the network with a valid IP address, the attacker can modify,
reroute, or delete your data. The attacker can also conduct other types of attacks, as
described in the following sections.
Top Of Page

Password-Based Attacks
A common denominator of most operating system and network security plans is
password-based access control. This means your access rights to a computer and
network resources are determined by who you are, that is, your user name and your
password.
Older applications do not always protect identity information as it is passed through the
network for validation. This might allow an eavesdropper to gain access to the network
by posing as a valid user.
When an attacker finds a valid user account, the attacker has the same rights as the real
user. Therefore, if the user has administrator-level rights, the attacker also can create
accounts for subsequent access at a later time.
After gaining access to your network with a valid account, an attacker can do any of the
following:
 Obtain lists of valid user and computer names and network information.
 Modify server and network configurations, including access controls and routing
tables.
 Modify, reroute, or delete your data.
Top Of Page

Denial-of-Service Attack
Unlike a password-based attack, the denial-of-service attack prevents normal use of
your computer or network by valid users.
After gaining access to your network, the attacker can do any of the following:
 Randomize the attention of your internal Information Systems staff so that they
do not see the intrusion immediately, which allows the attacker to make more
attacks during the diversion.
 Send invalid data to applications or network services, which causes abnormal
termination or behavior of the applications or services.
 Flood a computer or the entire network with traffic until a shutdown occurs
because of the overload.
 Block traffic, which results in a loss of access to network resources by authorized
users.
Top Of Page
Man-in-the-Middle Attack
As the name indicates, a man-in-the-middle attack occurs when someone between you
and the person with whom you are communicating is actively monitoring, capturing,
and controlling your communication transparently. For example, the attacker can re-
route a data exchange. When computers are communicating at low levels of the
network layer, the computers might not be able to determine with whom they are
exchanging data.
Man-in-the-middle attacks are like someone assuming your identity in order to read
your message. The person on the other end might believe it is you because the attacker
might be actively replying as you to keep the exchange going and gain more
information. This attack is capable of the same damage as an application-layer attack,
described later in this section.
Top Of Page

Compromised-Key Attack
A key is a secret code or number necessary to interpret secured information. Although
obtaining a key is a difficult and resource-intensive process for an attacker, it is possible.
After an attacker obtains a key, that key is referred to as a compromised key.
An attacker uses the compromised key to gain access to a secured communication
without the sender or receiver being aware of the attack.With the compromised key, the
attacker can decrypt or modify data, and try to use the compromised key to compute
additional keys, which might allow the attacker access to other secured communications.
Top Of Page

Sniffer Attack
A sniffer is an application or device that can read, monitor, and capture network data
exchanges and read network packets. If the packets are not encrypted, a sniffer provides
a full view of the data inside the packet. Even encapsulated (tunneled) packets can be
broken open and read unless they are encrypted and the attacker does not have access
to the key.
Using a sniffer, an attacker can do any of the following:
 Analyze your network and gain information to eventually cause your network to
crash or to become corrupted.
 Read your communications.
Top Of Page
Application-Layer Attack
An application-layer attack targets application servers by deliberately causing a fault in a
server's operating system or applications. This results in the attacker gaining the ability
to bypass normal access controls. The attacker takes advantage of this situation, gaining
control of your application, system, or network, and can do any of the following:
 Read, add, delete, or modify your data or operating system.
 Introduce a virus program that uses your computers and software applications to
copy viruses throughout your network.
 Introduce a sniffer program to analyze your network and gain information that
can eventually be used to crash or to corrupt your systems and network.
 Abnormally terminate your data applications or operating systems.
 Disable other security controls to enable future attacks.

Exploit: A defined way to breach the security of an IT system through

vulnerability.

Phases involved in hacking

Phase 1 | Reconnaissance
Reconnaissance is the act of gathering preliminary data or intelligence on your target. The data is
gathered in order to better plan for your attack. Reconnaissance can be performed actively

(meaning that you are directly touching the target) or passively (meaning that your recon is being

performed through an intermediary).

Phase 2 | Scanning
The phase of scanning requires the application of technical tools to gather further intelligence on

your target, but in this case, the intel being sought is more commonly about the systems that they

have in place. A good example would be the use of a vulnerability scanner on a target network.

Phase 3 | Gaining Access

Phase 3 gaining access requires taking control of one or more network devices in order to either

extract data from the target, or to use that device to then launch attacks on other targets.

Phase 4 | Maintaining Access

Maintaining access requires taking the steps involved in being able to be persistently within the

target environment in order to gather as much data as possible. The attacker must remain stealthy

in this phase, so as to not get caught while using the host environment.

Phase 5 | Covering Tracks

The final phase of covering tracks simply means that the attacker must take the steps necessary

to remove all semblance of detection. Any changes that were made, authorizations that were

escalated etc. all must return to a state of non-recognition by the host network’s administrators.