Unit 1 (CSS)

COMPUTER SYSTEM SECURITY

UNIT 1

COMPUTER SECURITY

Computer security basically is the protection of computer systems and
information from harm, theft, and unauthorized use. It is the process of
preventing and detecting unauthorized use of your computer system.

There are various types of computer security which are widely used to
protect the valuable information of an organization.

What is Computer Security and its types?

One way to ascertain the similarities and differences among the types of
computer security is by asking what is being secured. For example,

• Information security is securing information from unauthorized
  access, modification & deletion
• Application Security is securing an application by building security
  features to protect against cyber threats such as SQL injection, DoS
  attacks, data breaches, etc.
• Computer Security means securing a standalone machine by
  keeping it updated and patched
• Network Security is securing both the software and hardware
  technologies
• Cybersecurity is defined as protecting computer systems which
  communicate over the network

Components of computer system

The components of a computer system that need to be protected are:

• Hardware, the physical part of the computer, like the system
  memory and disk drive
• Firmware, permanent software that is etched into a hardware
  device’s nonvolatile memory and is mostly invisible to the user
• Software, the programming that offers services, like operating
  system, word processor, internet browser to the user

Why is Computer Security Important?

In this digital era, we all want to keep our computers and our personal
information secure and hence computer security is important to keep our
personal information protected. It is also important to maintain our
computer security and its overall health by preventing viruses and
malware which would impact the system performance.

THREE MAIN AREAS OF CSS

• Confidentiality is ensuring that information is available only to the
  intended audience
• Integrity is protecting information from being modified by
  unauthorized parties
• Availability is protecting information from being modified by
  unauthorized parties

In simple language, computer security is making sure information and
computer components are usable but still protected from people or software
that shouldn’t access or modify them.

Now moving forward with this ‘What is Computer Security?’ article, let’s
look at the most common security threats.

Computer security threats

Computer security threats are possible dangers that can hamper the
normal functioning of your computer. In the present age, cyber threats are
constantly increasing as the world is going digital. The most harmful types of
computer security threats are:

Viruses

A computer virus is a malicious program which is loaded into the user’s
computer without the user’s knowledge. It replicates itself and infects the files
and programs on the user’s PC. The ultimate goal of a virus is to ensure that
the victim’s computer will never be able to operate properly or even at all.

Computer Worm

A computer worm is a software program that can copy itself from one
computer to another, without human interaction. The potential risk here is
that it will use up your computer hard disk space because a worm can
replicate in great volume and with great speed.

Phishing

Disguising themselves as a trustworthy person or business, phishers attempt to
steal sensitive financial or personal information through fraudulent email or
instant messages. Phishing is unfortunately very easy to execute. You are
deluded into thinking it’s legitimate mail and you may enter your personal
information.

Botnet

A botnet is a group of computers connected to the internet that have been
compromised by a hacker using a computer virus. An individual computer is
called a ‘zombie computer’. The result of this threat is that the victim’s
computer, which is the bot, will be used for malicious activities and for a
larger scale attack like DDoS.

Rootkit

A rootkit is a computer program designed to provide continued privileged
access to a computer while actively hiding its presence. Once a rootkit has
been installed, the controller of the rootkit will be able to remotely execute
files and change system configurations on the host machine.

Keylogger

Also known as a keystroke logger, a keylogger can track the real-time activity
of a user on their computer. It keeps a record of all the keystrokes made on
the user’s keyboard. A keylogger is also a very powerful threat for stealing
people’s login credentials such as username and password.

These are perhaps the most common security threats that you’ll come across.
Apart from these, there are others like spyware, wabbits, scareware,
bluesnarfing and many more. Fortunately, there are ways to protect yourself
against these attacks.

Attacks

We want our security system to make sure that no data are disclosed to
unauthorized parties. Data should not be modified in illegitimate ways.
Legitimate users can access the data.

Types of attacks

Attacks are grouped into two types:

Passive attacks: do not involve any modification to the contents of an
original message.

Active attacks: the contents of the original message are modified in some
way.

THE MARKETPLACE FOR VULNERABILITIES

Vulnerability is a cyber-security term that refers to a flaw in a system that
can leave it open to attack. Vulnerable consumers fail to understand their
preferences and/or lack the knowledge, skills, or freedom to act on them.

Examples of Vulnerabilities

Below are some examples of vulnerability:

• A weakness in a firewall that can lead to malicious hackers getting
  into a computer network
• Lack of security cameras
• Unlocked doors at businesses

All of these are weaknesses that can be used by others to hurt a business
or its assets.

How is vulnerability different from a cyber security threat and risk?

Vulnerabilities are not introduced to a system; rather they are there from
the beginning. There are not many cases involving cybercrime activities
that lead to vulnerabilities. They are typically a result of operating system
flaws or network misconfigurations. Cyber security threats, on the other
hand, are introduced to a system like a virus download or a social
engineering attack.

What causes the vulnerability?

There are many causes of vulnerabilities, like:

1. Complex Systems – Complex systems increase the probability of
   misconfigurations, flaws, or unintended access.
2. Familiarity – Attackers may be familiar with common code,
   operating systems, hardware, and software that lead to known
   vulnerabilities.
3. Connectivity – Connected devices are more prone to have
   vulnerabilities.
4. Poor Password Management – Weak and reused passwords can
   lead from one data breach to several.
5. OS Flaws – Operating systems can have flaws too. Unsecured
   operating systems by default can give users full access and become
   a target for viruses and malware.
6. Internet – The internet is full of spyware and adware that can be
   installed automatically on computers.
7. Software Bugs – Programmers can sometimes accidentally leave
   an exploitable bug in the software.
8. Unchecked user input – If software or a website assumes that all
   input is safe, it may execute unintended SQL commands (SQL injection).
9. People – Social engineering is the biggest threat to the majority of
   organizations. So, humans can be one of the biggest causes of
   vulnerability.

Vulnerability Detection

Vulnerability detection includes the following three methods:

• Vulnerability scanning
• Penetration testing
• Google hacking

ERROR 404 DIGITAL HACKING INDIA PHASE 1

1. In error 404 hacking digital India part 1 chase, the cyber crime and
   cyber attacks hack the information of users, like bank details and personal
   information.
2. It is a real-time incident. In this, the attacker or hacker creates an
   attractive video so that the victim gets attracted and plays that video on
   their system.
3. When we click on the video to play it, then at the time of buffering the
   hacker can know our current location and GPS history, and also has
   complete access to our contacts, text messages, Facebook, WhatsApp
   and, most importantly, our bank details, including our CVV number.
4. Hackers are creating a kind of Trojan file, and Android APK files. The APK
   files will be distributed all over the internet. Those who download
   this file will be hacked easily.
5. Potential cyber attacks that are most common in error 404 hacking:

A) Web application attacks:

i) A web application is a client-server computer program which uses
web browsers and web technology to allow its visitors to store and
retrieve data to/from the database over the internet.

ii) If there is a flaw in the web application, it allows the attacker to
manipulate data using an SQL injection attack.

B) Network security attacks:

i) Network security attacks are unauthorized actions against private,
corporate or governmental IT assets in order to destroy them, modify them
or steal sensitive data.

ii) As more enterprises invite employees to access data from mobile
devices, networks become vulnerable to data theft or total destruction of
the data or network.

C) Mobile security attacks:

i) Mobile security, or mobile device security, has become increasingly
important in mobile computing.

ii) The security of personal and business information now stored on
smartphones.

iii) More and more users and businesses use smartphones to
communicate, but also to plan and organize their users' work and also
private life.

iv) Within companies, these technologies are causing profound changes
in the organization of information systems and therefore they have
become the source of new risks.

CONTROL HIJACKING

A control hijack attack is done by overwriting some of the data
structures in a victim program that affect its control flow, which
eventually hijacks the control of the program and possibly the
underlying system. Attacks like these eventually pave the way for
corrupting or overwriting the data that they were storing.

Hijacking is a type of network security attack in which the attacker takes
control of a communication.

In hijacking (also known as a man in the middle attack), the perpetrator
takes control of an established connection while it is in progress.

The attacker intercepts messages in a public key exchange and then
retransmits them, substituting their own public key for the requested one,
so that the two original parties still appear to be communicating with each
other directly.

The attacker uses a program that appears to be the server to the client and
appears to be the client to the server.

This attack may be used simply to gain access to the messages, or to
enable the attacker to modify them before retransmitting them.

Attacker's goal in control hijacking:

• Take over target machine (for example web server)
• Execute arbitrary code on target by hijacking application control flow

There are three types of control hijacking in computer security:

1. Buffer overflow attacks
2. Integer overflow attacks
3. Format string vulnerabilities

Buffer overflow in Control Hijacking:

1. Buffers are memory storage regions that temporarily hold data while it
   is being transferred from one location to another.

2. A buffer overflow (or buffer overrun) occurs when the volume of data
   exceeds the storage capacity of the memory buffer.

3. As a result, the program attempting to write the data to the buffer
   overwrites adjacent memory locations.

4. Attackers exploit buffer overflow issues by overwriting the memory of
   an application.

5. This changes the execution path of the program, triggering a response
   that damages files or exposes private information.
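
The overwrite described in steps 2 and 3, next to a bounds-checked version, as an added example that is not part of the original notes. The `account` record, the function names and the 12-byte input are constructed for illustration; a 4-byte `int` is assumed, and the unchecked copy is capped at the record size so the demo stays inside one object.

```c
#include <stdio.h>
#include <string.h>

/* Constructed record: an 8-byte buffer with a privilege flag right after it. */
struct account {
    char name[8];
    int  is_admin;
};

/* Constructed input: 8 filler bytes plus 4 bytes that do not fit in name. */
static const char INPUT[] = "AAAAAAAA\x01\x01\x01\x01";

/* Vulnerable pattern: trusts the caller's length. The write starts at the
 * first byte of the record, so bytes 9..12 land in is_admin. The cap at the
 * record size only keeps this demo inside one object. */
void set_name_unchecked(struct account *a, const char *src, size_t len)
{
    if (len > sizeof *a)
        len = sizeof *a;
    memcpy((char *)a, src, len);
}

/* Hardened form: reject input that does not fit, leaving room for the NUL. */
int set_name_checked(struct account *a, const char *src, size_t len)
{
    if (len >= sizeof a->name)
        return -1;
    memcpy(a->name, src, len);
    a->name[len] = '\0';
    return 0;
}

/* Value of is_admin after the unchecked copy of the 12-byte input. */
int admin_after_unchecked(void)
{
    struct account a = { "", 0 };
    set_name_unchecked(&a, INPUT, 12);
    return a.is_admin;
}

int main(void)
{
    struct account b = { "", 0 };
    int rc = set_name_checked(&b, INPUT, 12);
    printf("unchecked: is_admin=%#x\n", (unsigned)admin_after_unchecked());
    printf("checked:   rc=%d is_admin=%d\n", rc, b.is_admin);
    return 0;
}
```

The unchecked copy changes a field the input was never meant to reach; the checked copy refuses the same input and leaves the flag at 0.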

One of the most used attack techniques

• Advantages
  – very effective
    • attack code runs with privileges of exploited process
  – can be exploited locally and remotely
    • interesting for network services

• Disadvantages
  – architecture dependent
    • directly inject assembler code
  – operating system dependent
    • use of system calls
  – some guesswork involved (correct addresses)

DEFENCE AGAINST CONTROL HIJACKING

1. Fix bugs:
   – Audit software
     • Automated tools: Coverity, Prefast/Prefix.
   – Rewrite software in a type safe language (Java, ML)
     • Difficult for existing (legacy) code …

2. Platform defenses: prevent attack code execution

3. Add runtime code to detect overflow exploits
   – Halt process when overflow exploit detected
   – StackGuard, CFI, LibSafe, …
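
The idea behind item 3, in the style of a stack canary, as an added example that is not part of the original notes and not the code of StackGuard or any other tool named above. The `frame` layout, the guard value and the function names are constructed for illustration; a real canary is random and the runtime halts the process instead of returning an error.

```c
#include <stdio.h>
#include <string.h>

/* Constructed guard value; real canaries are chosen randomly at run time. */
#define CANARY 0x5AFEC0DEu

/* Constructed frame: buffer, guard word, then the value to protect (standing
 * in for the saved return address of a real stack frame). */
struct frame {
    char         buf[8];
    unsigned int canary;
    unsigned int ret_target;
};

/* Unchecked copy; capped at the frame size so the demo stays in one object. */
static void copy_unchecked(struct frame *f, const char *src, size_t len)
{
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy((char *)f, src, len);
}

/* Returns 0 if the frame is intact, -1 if the guard word changed. A real
 * runtime halts the process at this point instead of returning. */
int handle_input(const char *src, size_t len)
{
    struct frame f = { "", CANARY, 0x1000u };
    copy_unchecked(&f, src, len);
    if (f.canary != CANARY)
        return -1;  /* detected before ret_target would be used */
    return 0;
}

int main(void)
{
    printf("5 bytes:  %d\n", handle_input("hello", 5));
    printf("16 bytes: %d\n", handle_input("BBBBBBBBBBBBBBBB", 16));
    return 0;
}
```

Because the write is contiguous, it cannot reach `ret_target` without first changing the guard word, which is what the check relies on.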

A variety of defensive mechanisms have been proposed to mitigate
control-flow hijacking attacks. As previously mentioned, complete
memory safety, code pointer integrity, and control flow integrity are
promising defenses in theory. The practicality of these defenses relies on
how a particular implementation balances security with the performance
overhead.

Run-time Defenses

In order to prevent data loss, prevent data theft, minimize employee
downtime, and maximize IT productivity, businesses need an additional
line of preventative defense that can block attacks that antivirus doesn’t,
before any harm is done. An emerging category of software known as
Runtime Malware Defense offers a promising solution that works by
detecting and blocking malware and exploits at runtime.
