
UNIT - 1 Notes

Computer system security introduces concepts of computer security including goals like confidentiality, integrity, availability, authentication, and non-repudiation. It discusses security mechanisms like encipherment, digital signatures, and access control. It also summarizes common attacks like passive attacks involving eavesdropping and traffic analysis, and active attacks such as modification of messages, masquerade attacks, and denial of service attacks.

Uploaded by

Sushant Yadav

COMPUTER SYSTEM SECURITY – UNIT 1

COMPUTER SYSTEM SECURITY


(KNC301)

UNIT-1

Computer System Security Introduction: Introduction, What is computer security and what to learn?, Sample Attacks, The Marketplace for vulnerabilities, Error 404 Hacking digital India part 1 chase.

Hijacking & Defense: Control Hijacking, More Control Hijacking attacks: integer overflow, More Control Hijacking attacks: format string vulnerabilities, Defense against Control Hijacking - Platform Defenses, Defense against Control Hijacking - Run-time Defenses, Advanced Control Hijacking attacks.


Computer System Security – Introduction

1.1 Introduction
Computer security is the ability of a computer system to protect
information with respect to confidentiality, integrity and
unauthorized access.
Computer security, also known as cyber security or IT security,
is the protection of information systems from theft or damage
to the hardware, software, and information.
Computer security includes controlling physical access to the
hardware, as well as protecting against harm that may come via
network access.
The main objective of computer security is to protect the
system’s information from any external or internal harms.
Under computer security we have various types of attacks.

1.2 Goals of Computer Security System


The following are the goals of a computer security system:
1. Confidentiality
2. Integrity
3. Availability
4. Authentication
5. Non-Repudiation


1. Confidentiality
Confidentiality measures protect information from
unauthorized access. Confidentiality is equivalent to privacy
and avoids the unauthorized disclosure of information. It
involves the protection of data, providing access for those who
are allowed to see it while disallowing others from learning
anything about its content. It prevents essential information
from reaching the wrong people while making sure that the
right people can get it. Data encryption is a good example to
ensure confidentiality.


2. Integrity
Integrity refers to the methods for ensuring that data is real,
accurate and safeguarded from unauthorized user modification.
It is the property that information has not been altered in an
unauthorized way, and that the source of the information is
genuine.

3. Availability
Availability is the property in which information is accessible
and modifiable in a timely fashion by those authorized to do so.
It is the guarantee of reliable and constant access to our
sensitive data by authorized people. In order for an information
system to be useful it must be available to authorized users.

4. Authentication
Authentication is a process that ensures and confirms a user's
identity or the role that someone has. It can be done in a number of
different ways, but it is usually based on a combination of:
• something the person has (like a smart card or a radio key for storing secret keys),
• something the person knows (like a password),
• something the person is (like a human with a fingerprint).
Authentication is a necessity for every organization because
it enables organizations to keep their networks secure by
permitting only authenticated users to access their protected
resources. These resources may include computer systems,
networks, databases, websites and other network-based
applications or services.

5. Non-Repudiation
Non-repudiation is the assurance that someone cannot deny the
validity of something. Non-repudiation is a legal concept that
is widely used in information security and refers to a service,
which provides proof of the origin of data and the integrity of
the data.

1.3 Security Mechanism


Security mechanisms are technical tools and techniques that are
used to implement security services.
1. Encipherment:
This is the hiding or covering of data, which provides
confidentiality. It is also used to complement other mechanisms
to provide other services. Cryptography and steganography are
used for enciphering.
2. Data Integrity:
The data integrity mechanism appends to the data a short check
value that has been created by a specific process from the data
itself. Data integrity is preserved by comparing the check value
received with the check value generated.


3. Digital Signature:
A digital signature is a means by which the sender can
electronically sign the data and the receiver can electronically
verify the signature. It provides authenticity of data.
4. Authentication Exchange:
In this mechanism, two entities exchange some messages to prove
their identity to each other.
5. Traffic Padding:
Traffic padding means inserting some fake data into the data
traffic to thwart the adversary’s attempt to use traffic
analysis.
6. Routing Control:
Routing control means selecting and continuously changing
different available routes between sender and receiver to
prevent the opponent from eavesdropping on a particular route.
7. Notarization:
Notarization means selecting a trusted third party to control the
communication between two entities. The receiver can involve
a trusted third party to store the sender's request in order to
prevent the sender from later denying that she has made a
request.
8. Access Control:
Access control uses methods to prove that a user has access
rights to the data or resources owned by a system. Examples of
proofs are passwords and PINs.


1.4 Sample Attacks


There are two types of cyber attacks:

1. Passive Attacks
The main goal of a passive attack is to obtain unauthorized
access to the information. For example, actions such as
intercepting and eavesdropping on the communication channel
can be regarded as passive attacks.
These actions are passive in nature, as they neither affect
information nor disrupt the communication channel. A passive
attack is often seen as stealing information.

1. The release of message content –
A telephone conversation, an electronic mail message or a
transferred file may contain sensitive or confidential
information. We would like to prevent an opponent from
learning the contents of these transmissions.

2. Traffic analysis –
The opponent could determine the location and identity of the
communicating hosts and could observe the frequency and
length of messages being exchanged. This information
might be useful in guessing the nature of the
communication that was taking place.


2. Active Attacks
An active attack involves changing the information in some
way by conducting some process on the information. For
example:
• Modifying the information in an unauthorized manner.
• Initiating unintended or unauthorized transmission of information.
• Alteration of authentication data such as originator name or timestamp associated with information.
• Unauthorized deletion of data.
• Denial of access to information for legitimate users (denial of service).


1. Masquerade –
A masquerade attack takes place when one entity pretends to
be a different entity. A masquerade attack involves one of the
other forms of active attack.

2. Modification of messages –
It means that some portion of a message is altered, or that the
message is delayed or reordered, to produce an unauthorised
effect. For example, a message meaning “Allow JOHN to
read confidential file X” is modified as “Allow Smith to
read confidential file X”.


3. Repudiation –
This attack is done by either the sender or the receiver. The sender
or receiver can later deny that he/she has sent or received a
message.

4. Replay –
In a ‘replay attack’, the attacker captures some information
(as an example, authentication information) and re-submits
it back to the receiver.


5. Denial of Service –
A “denial of service” or DoS attack is used to tie up a
website’s resources so that users who need to access the site
cannot do so.

A denial-of-service attack is a security event that occurs
when an attacker prevents authentic users from accessing
specific computer systems, devices, services or other IT
resources.


1.5 The Marketplace for vulnerabilities


A vulnerability is a weakness in the security system. A computer
vulnerability is a cyber security term that refers to a defect in
a system that can leave it open to attack.
This vulnerability could also refer to any type of weakness
present in a computer itself, in a set of procedures, or in
anything that allows information security to be exposed to a
threat.
It is possible for network users and computer users to protect
computers from vulnerabilities by regularly applying software
security patches. These patches are capable of fixing the defect.
Computer system vulnerabilities exist because programmers
fail to fully understand the inner programs.

Common Computer Security Vulnerabilities


The most common computer vulnerabilities include:
• Bugs
• Weak passwords
• Software that is already infected with a virus
• Missing data encryption
• OS command injection
• SQL injection
• Buffer overflow
• Missing authorization
• Use of broken algorithms
• URL redirection to untrusted sites
• Path traversal
• Missing authentication for critical function
• Upload of dangerous file types
• Dependence on untrusted inputs in a security decision
• Cross-site scripting and forgery
• Download of code without integrity checks

Causes and Harms of Computer Security Vulnerabilities
A computer security vulnerability can harm five kinds of system
security:
• Reliability: This refers to reducing incorrect false alarms in the operation of a computer system and enhancing the efficiency of a computer system.
• Confidentiality:
• Entirety:
• Usability: This ensures that users can enjoy the services offered by computers and information networks.
• Undeniableness: This security refers to guaranteeing that information actors are responsible for their behaviour.

1.6 Error 404 Hacking digital India part 1 Chase

Cyber crime and cyber attacks steal users' information, such as
bank details and personal information.
The attacker creates an attractive video so that the
victim is drawn to it and plays that video on their system.
When we click on the video to play it, then during buffering
the hacker can not only learn our current location and GPS history but also
gain complete access to our contacts, text messages,
Facebook, WhatsApp and, most importantly, our bank details
including our CVV number.

Hijacking & Defense

1.7 Control Hijacking


Hijacking is a type of network security attack in which the
attacker takes control of a communication, just as an airplane
hijacker takes control of a flight.

In one type of hijacking (also known as a man-in-the-middle
attack), the attacker takes control of an established
connection while it is in progress.

The attacker intercepts messages in a public key exchange and
then retransmits them, substituting their own public key for the
requested one, so that the two original parties still appear to be
communicating with each other directly.

The attacker uses a program that appears to be the server to the
client and appears to be the client to the server. This attack may
be used simply to gain access to the messages, or to enable the
attacker to modify them before retransmitting them.


Attacker’s goal in control hijacking:

a) Take over the target machine (for example, a web server)

b) Execute arbitrary code on the target (web server) by hijacking
application control flow

There are three types of control hijacking:

a) Buffer overflow attacks

b) Integer overflow attacks

c) Format string vulnerabilities

a) Buffer overflow attacks

A buffer is a temporary area for data storage. When a program
or system process places more data in a buffer than it can hold,
the extra data overflows.

This causes some of that data to leak out into other buffers,
which can corrupt or overwrite whatever data they are
holding.

b) Integer overflow attacks

An integer overflow attack occurs when an attacker causes
a value in the program to be large enough to overflow
unexpectedly.

An integer overflow is the condition that occurs when the
result of an arithmetic operation, such as multiplication or
addition, exceeds the maximum size of the integer type
used to store it.

c) Format string vulnerabilities

Format string vulnerabilities are a class of bug that takes
advantage of an easily avoidable programmer error.

Format string vulnerabilities arise when user-controllable input
is passed as the format string parameter to a function that takes
format specifiers that may be misused, as in the printf family in C.
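
The three bug classes above, each next to a hardened form, as an added C example that is not part of the original notes. The function names and sample inputs are assumptions made up for illustration; the unsafe calls for (a) and (c) appear only in comments.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* (a) Buffer overflow. Unsafe pattern, shown only as a comment:
 *         strcpy(dst, src);              no length check
 * Hardened: refuse input that does not fit, terminator included. */
int bounded_copy(char *dst, size_t dst_len, const char *src)
{
    size_t n = strlen(src);
    if (dst_len == 0 || n >= dst_len)
        return -1;                        /* would overflow dst: reject */
    memcpy(dst, src, n + 1);
    return 0;
}

/* (b) Integer overflow. The unchecked product wraps modulo 2^32, so a
 * huge element count can yield a tiny allocation size. */
uint32_t unchecked_size(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;
}

/* Hardened: detect the wrap before multiplying. */
int checked_size(uint32_t count, uint32_t elem_size, uint32_t *out)
{
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* (c) Format string. Unsafe pattern, shown only as a comment:
 *         snprintf(out, out_len, user_input);   input is the format
 * Hardened: constant format string, input passed as data. */
int render_message(char *out, size_t out_len, const char *user_input)
{
    int n = snprintf(out, out_len, "%s", user_input);
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;  /* -1: error/truncated */
}

int main(void)
{
    char buf[8], msg[32];
    uint32_t size = 0;
    /* All inputs below are constructed sample values. */
    printf("copy short: %d\n", bounded_copy(buf, sizeof buf, "admin"));
    printf("copy long:  %d\n", bounded_copy(buf, sizeof buf, "administrator"));
    printf("unchecked:  %u\n", (unsigned)unchecked_size(0x40000001u, 4));
    printf("checked:    %d\n", checked_size(0x40000001u, 4, &size));
    printf("render:     %d\n", render_message(msg, sizeof msg, "%x%x%n"));
    printf("message:    %s\n", msg);
    return 0;
}
```

With the constant `"%s"` format, the specifiers in the input are copied out as plain text instead of being interpreted.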

1.8 Defense against Control Hijacking


Control hijacking attacks are controlled or defended against through:

a) Platform Defense

i. Fixing the bug

ii. Making memory non-executable

b) Run-time Defense

i. Random Canary

a) Platform Defense – Through platform defense we can
protect the target machine (server) by:

i. Fixing the bug –

a). Audit software through automated tools

b). Rewrite software in a safe language

c). Prevent code execution.

ii. Making memory non-executable: Prevent
attack code execution by making the stack and heap
non-executable.

b) Run-time Defense – In run-time defense we test for stack
integrity. We embed “canaries” in stack frames and verify
their integrity prior to function return.

There are types of canaries:

a) Random Canary: In a random canary, a random string is
chosen at program startup. The canary string is inserted into
every stack frame and verified before returning from the
function. If the integrity of the canary is maintained, it
means our data is safe.
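
A simulation of the random-canary check described above, added here and not part of the original notes: the stack frame is modelled as a flat byte array (buffer, then canary, then saved return address), and the layout, function names and sample return address are assumptions. Real compilers insert the equivalent check automatically, for example with GCC/Clang's `-fstack-protector-strong`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed frame layout (simulation only): [buf 16][canary 8][saved return 8] */
enum { BUF_LEN = 16, CANARY_OFF = BUF_LEN,
       RET_OFF = CANARY_OFF + 8, FRAME_LEN = RET_OFF + 8 };

static uint64_t g_canary;   /* chosen once at program startup */

/* Pick a random canary from the OS random source. */
int canary_init(void)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t got = fread(&g_canary, sizeof g_canary, 1, f);
    fclose(f);
    return got == 1 ? 0 : -1;
}

/* Function prologue: canary sits between the buffer and the return address. */
void frame_enter(unsigned char *frame, uint64_t ret_addr)
{
    memset(frame, 0, FRAME_LEN);
    memcpy(frame + CANARY_OFF, &g_canary, sizeof g_canary);
    memcpy(frame + RET_OFF, &ret_addr, sizeof ret_addr);
}

/* Models a copy into buf with no length check. Clamped to the simulated
 * frame so the demo itself stays memory-safe. */
void frame_unchecked_write(unsigned char *frame, const unsigned char *data,
                           size_t n)
{
    memcpy(frame, data, n > FRAME_LEN ? FRAME_LEN : n);
}

/* Function epilogue: 0 if the canary is intact, -1 if it was overwritten
 * (a real program aborts here instead of using the saved return address). */
int frame_leave(const unsigned char *frame)
{
    return memcmp(frame + CANARY_OFF, &g_canary, sizeof g_canary) == 0 ? 0 : -1;
}

int main(void)
{
    unsigned char frame[FRAME_LEN], input[FRAME_LEN];
    memset(input, 'A', sizeof input);           /* constructed sample input */
    if (canary_init() != 0)
        return 1;
    frame_enter(frame, 0x401000u);              /* constructed return address */
    frame_unchecked_write(frame, input, BUF_LEN);
    printf("fits in buf:  %d\n", frame_leave(frame));
    frame_enter(frame, 0x401000u);
    frame_unchecked_write(frame, input, FRAME_LEN);
    printf("overruns buf: %d\n", frame_leave(frame));
    return 0;
}
```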

1.9 Common types of security threats and Cyber Attacks

1. Viruses - A virus is a software program that can spread from
one computer to another computer or one network to another
network without the user’s knowledge and performs malicious
attacks.
It has capability to corrupt or damage organization’s sensitive
data, destroy files, and format hard drives.
2. Phishing - Phishing attacks are the practice of sending fraudulent
communications that appear to come from a reputable source.
It is usually done through email. The goal is to steal sensitive
data like credit card and login information.
3. Trojan horse - In computing, a Trojan horse is
a program downloaded and installed on a computer
that appears harmless, but is, in fact, malicious. Unexpected
changes to computer settings and unusual activity.
4. Spyware - Spyware can infect any device and give
cybercriminals full access to sensitive information such as your
passwords, banking details, or your entire digital identity.
5. Worm - A worm virus is a malicious, self-replicating
program that can spread throughout a network without human
assistance.
Worms cause damage similar to viruses, exploiting holes in
security software and potentially stealing sensitive
information, corrupting files and installing a back door for
remote access to the system, among other issues.
6. Denial-of-service (DoS) attacks - A denial-of-service attack
floods systems, servers, or networks with traffic to exhaust
resources and bandwidth. As a result, the system is unable to
fulfil legitimate requests.
7. SQL injection - A Structured Query Language (SQL)
injection occurs when an attacker inserts malicious code into a
server that uses SQL and forces the server to reveal information
it normally would not. SQL injection, also known as SQLI, is
a kind of attack that employs malicious code to manipulate
backend databases to access information that was not intended
for display.
8. Rootkit - The rootkit virus is a potentially highly
dangerous form of virus or malware. A specific type of virus,
it can be used to infiltrate your computer with worms, Trojans
and malware. That's because it opens up 'root' access to your
computer, allowing attackers to access anything they might
want from within your system.

9. Malware - Malware is software that typically consists of
program or code and which is developed by cyber attackers. It
is a type of cyber security threat to organizations, designed
to cause extensive damage to systems or to gain
unauthorized access to a computer.
10. Ransomware - Ransomware is a type of security threat that
blocks access to a computer system and demands bitcoin in
order to restore access to the system. The most dangerous ransomware
attacks are WannaCry, Petya, Cerber, Locky and CryptoLocker, etc.
11. Data breach - A data breach is a security threat that
exposes confidential or protected information, where the
information is accessed from a system without the authorization of
the system’s owner.
The information may involve sensitive, proprietary, or
confidential data such as credit card numbers, customer data, trade
secrets, etc.
12. Man-in-the-middle attack - Man-in-the-middle (MitM)
attacks, also known as eavesdropping attacks, occur when
attackers insert themselves into a two-party transaction. Once
the attackers interrupt the traffic, they can filter and steal data.
13. Cross Site Scripting - Cross-site scripting (XSS) is a kind
of injection breach where the attacker sends malicious scripts
into content from otherwise reputable websites. It happens
when a dubious source is allowed to attach its own code into
web applications, and the malicious code is bundled together
with dynamic content that is then sent to the victim’s browser.
14. IP Spoofing - IP spoofing is used by an attacker to convince
a system that it is communicating with a known, trusted entity
and provide the attacker with access to the system. The attacker
sends a packet with the IP source address of a known, trusted
host instead of its own IP source address to a target host. The
target host might accept the packet and act upon it.
