Introduction To Computer & Systems Security

Uploaded by edmore025

Introduction to computer & systems security
What is security?
 Security is management of access to a resource of a system.
 A complete understanding of security should address the following:
◦ How does the system work?
◦ How is the system vulnerable and what are the threats?
◦ How do we prevent harm to the system?
◦ How do we detect and respond to attacks on the system?
 An attack on a system is simply an unauthorised access or an attempt to access a resource where no access is permitted.
Security cont./
 Computer security rests on confidentiality, integrity, and availability.

CONFIDENTIALITY
 Confidentiality is the concealment of information or resources.
 Access control mechanisms support confidentiality.
 One access control mechanism for preserving confidentiality is cryptography, which scrambles data to make it incomprehensible.
Security cont./
INTEGRITY
 Integrity refers to the trustworthiness of data or resources, and is usually phrased in terms of preventing improper or unauthorised change.
 Integrity mechanisms fall into two classes: prevention mechanisms and detection mechanisms.
 Prevention mechanisms seek to maintain data integrity by blocking any unauthorised attempts to change the data or any attempts to change the data in unauthorised ways.
 Detection mechanisms do not try to prevent violations of integrity; they simply report that the data's integrity is no longer trustworthy.
Security cont./
AVAILABILITY
 Availability refers to the ability to use the information or resource desired.
 Availability is an important aspect of reliability because an unavailable system is at least as bad as no system at all.
 The aspect of availability that is relevant to security is that someone may deliberately deny access to data or to a service by making it unavailable.
 DoS (denial of service) is a type of attack that makes data or a resource unavailable when it is supposed to be available.
Concepts
 Access Control: The process of limiting access to the resources of a system to only authorised persons, programs, processes, or other systems.
 Authentication: The process to verify the identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources.
 Non-repudiation: Method by which the sender is provided with proof of delivery and the recipient is assured of the sender's identity, so that neither can later deny having processed the data.
Security appliances & applications
 Firewall: A firewall can be either software or hardware that is installed to separate a trusted network from a less-trusted network.
 Firewalls in form of hardware (with integrated software) are installed on networks and are usually configurable.
 Personal firewalls are in software form and reside on a host.
 A firewall monitors traffic entering or leaving either a network or a machine and either allows or blocks traffic based on a policy.
 A firewall will by default discard all inbound connections/traffic that's not in response to outbound connections/traffic.
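The default inbound policy described above, as an added example that is not part of the original slides: a small stateful packet filter that records flows opened from the inside and admits inbound packets only when they are the reply half of such a flow. Addresses, ports and the inside prefix are constructed sample values.

```python
# Added example (not from the slides): model of a firewall's default
# policy of dropping inbound traffic that does not answer an outbound flow.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

class StatefulFirewall:
    def __init__(self, inside_prefix="10.0.0."):   # constructed inside network
        self.inside_prefix = inside_prefix
        # Connection table keyed by (inside_ip, inside_port, outside_ip, outside_port, proto)
        self.connections = set()
        self.log = []

    def _is_inside(self, ip):
        return ip.startswith(self.inside_prefix)

    def handle(self, pkt):
        """Return 'allow' or 'drop' for one packet and record the decision."""
        if self._is_inside(pkt.src_ip) and not self._is_inside(pkt.dst_ip):
            # Outbound: remember the flow so that its replies are let back in.
            self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
            decision = "allow"
        elif self._is_inside(pkt.dst_ip):
            # Inbound: allowed only as the reverse direction of a known outbound flow.
            key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
            decision = "allow" if key in self.connections else "drop"
        else:
            decision = "drop"   # neither inbound nor outbound for this network
        self.log.append((decision, pkt))
        return decision

def demo():
    """Run four constructed packets through the filter and return the decisions."""
    fw = StatefulFirewall()
    return [
        fw.handle(Packet("10.0.0.5", 51000, "203.0.113.10", 443)),   # outbound: allowed, flow recorded
        fw.handle(Packet("203.0.113.10", 443, "10.0.0.5", 51000)),   # reply to that flow: allowed
        fw.handle(Packet("203.0.113.10", 443, "10.0.0.5", 22)),      # same host, unrelated port: dropped
        fw.handle(Packet("198.51.100.7", 40000, "10.0.0.5", 22)),    # unsolicited inbound: dropped
    ]
```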
Intrusion Detection/Prevention Systems
 A network intrusion is an unauthorised penetration of a computer/system of an assigned domain.
 Intrusion Prevention System (IPS): IPS is an active device that listens promiscuously to all incoming traffic to identify intrusions. It works with the firewall to modify rule templates to block traffic from the intruder address(es) while the intrusion is still in progress.
 Intrusion Detection System (IDS): IDS is a passive device that listens promiscuously to all incoming traffic to record and generate alerts and issue TCP resets if necessary.
Threats
 Threats are potential dangers.
 Attacks are actions that exploit vulnerabilities.
 Attackers are individuals performing attacks.
 Hackers are individuals with high technical skills (can be ethical or malicious).
• White Hat Hackers (Ethical Hackers)
• Black Hat Hackers (Malicious Hackers)
• Gray Hat Hackers
 Crackers are malicious individuals focused on breaking security measures.
Types of Attacks
Passive Attacks
• Involves monitoring or eavesdropping on communication without altering data.
• Information gathering or surveillance.
• Difficult to detect since no changes are made to data or systems.
Active Attacks
• Involves direct interaction, altering or disrupting data or systems.
• Modify data, disrupt communication, or take control of systems.
• Easier to detect due to changes in data or network operations.
Attacks
 There are three main classes of attacks that are commonly found in today's network environment:
• Access attacks
• Reconnaissance attacks
• Denial of service (DoS) attacks

ACCESS ATTACKS
 This is an attempt to access another user account or network device through improper means.
 Unauthorized attacks are attempted via four means, all of which try to by-pass some facet of the authentication process:
(1) Password attacks (2) Trust exploitation
(3) Port redirection (4) Man-in-the-middle (MITM) attacks.
Attacks cont./
RECONNAISSANCE ATTACKS
 The attacker surveys a network and collects data for a future attack. Such information includes the following:
◦ Ports open on a server
◦ Ports open on a firewall
◦ IP addresses on the host network
◦ Hostnames associated with the IP addresses
 The four main subcategories or methods for gathering network data:
(1) Packet sniffers (2) Ping sweeps
(3) Port scans (4) Information queries
 Examples of utilities/programs used for the above include: Wireshark, Ettercap, BackTrack, nmap etc.
Attacks cont./
DENIAL OF SERVICE (DoS) ATTACKS
 DoS attacks are often implemented by attackers as a means of denying a service that is normally available to a user or organization.
 The three main forms of DoS are:
(1) Distributed DoS (DDoS) attack, (2) TCP SYN attack, (3) Smurf attack.
Attacks cont./
 DDoS
With Distributed DoS, multiple systems are compromised to send a DoS attack to a specific target.
 The compromised systems are commonly called zombies or slaves.
 As a result of the attack, the targeted system denies service to valid users.
Attacks cont./
TCP SYN
 In a TCP SYN attack, a SYN request is sent to a device with a spoofed source IP address. The attacking system does not acknowledge the resulting SYN-ACK, which causes the session connection queues to fill up and stop taking new connection requests.
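The queue behaviour described above, as an added example that is not part of the original slides: a model of a listener's half-open connection queue in which each unanswered SYN holds a slot until the handshake completes or the entry ages out, so that a legitimate client is refused while the queue is full and admitted once stale entries are reaped. Capacity, timeout and addresses are constructed values.

```python
# Added example (not from the slides): how unacknowledged SYNs exhaust a
# connection queue, and how ageing out half-open entries limits the effect.

class SynBacklog:
    def __init__(self, capacity, timeout):
        self.capacity = capacity    # maximum number of half-open entries
        self.timeout = timeout      # seconds a half-open entry may wait for its ACK
        self.half_open = {}         # (src_ip, src_port) -> time the SYN arrived

    def reap(self, now):
        """Drop half-open entries whose ACK never arrived within the timeout."""
        stale = [k for k, t in self.half_open.items() if now - t > self.timeout]
        for k in stale:
            del self.half_open[k]
        return len(stale)

    def receive_syn(self, src, now):
        """Return True if a slot was free (a SYN-ACK would be sent), else False."""
        self.reap(now)
        if len(self.half_open) >= self.capacity:
            return False            # queue full: new connection request refused
        self.half_open[src] = now
        return True

    def receive_ack(self, src):
        """Third handshake packet: the connection leaves the half-open queue."""
        return self.half_open.pop(src, None) is not None

def demo(capacity=4, timeout=10):
    """Return (refused_while_full, accepted_after_reap, completed, remaining)."""
    q = SynBacklog(capacity, timeout)
    # t=0: SYNs arrive from sources that will never answer the SYN-ACK.
    for i in range(capacity):
        q.receive_syn((f"192.0.2.{i + 1}", 40000), now=0)
    # t=1: a legitimate client finds every slot taken.
    refused = not q.receive_syn(("198.51.100.9", 51000), now=1)
    # t=15: the timeout has expired, the stale entries are reaped and it gets in.
    accepted = q.receive_syn(("198.51.100.9", 51000), now=15)
    completed = q.receive_ack(("198.51.100.9", 51000))
    return refused, accepted, completed, len(q.half_open)
```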
Establishing a Security Policy
 A security policy defines:
◦ Organization's security requirements
◦ Controls and sanctions needed to meet the requirements
 Security policies are formal rules and guidelines dictating how an organization's IT resources and sensitive data should be protected.
 Ensure consistent behavior, guide employee actions, protect assets, and mitigate risks.
Establishing a Security Policy (cont'd.)
 Areas of concern
◦ Email attachments
◦ Wireless devices
 VPN uses the Internet to relay communications but maintains privacy through security features
 Additional security includes encrypting originating and receiving network addresses
Establishing a Security Policy (cont'd.)
Steps in Designing Security Policies:
 Identify assets to be protected.
 Conduct a risk assessment to identify potential threats and vulnerabilities.
 Define the scope and objectives of the policy.
 Involve stakeholders in the policy creation process.
 Regularly review and update the policy.
Educating Employees, Contractors, and Part-Time Workers
 Educate and motivate users to understand and follow policy
 Discuss recent security incidents
 Help protect information systems by:
◦ Guarding passwords
◦ Not allowing sharing of passwords
◦ Applying strict access controls to protect data
◦ Reporting all unusual activity
◦ Protecting portable computing and data storage devices
Detection
 Detection systems
◦ Catch intruders in the act
 Intrusion detection system
◦ Monitors system/network resources and activities
◦ Notifies the proper authority when it identifies:
 Possible intrusions from outside the organization
 Misuse from within the organization
◦ Knowledge-based approach
◦ Behavior-based approach
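The two detection approaches above, as an added example that is not part of the original slides, run over a few constructed SSH-style authentication log lines: the knowledge-based detector matches a signature for an already-known bad event, while the behaviour-based detector has no signature and instead flags a source whose failure count departs from the normal rate. The log lines, the signature and the threshold are constructed for illustration.

```python
# Added example (not from the slides): knowledge-based (signature) versus
# behaviour-based (anomaly) detection over the same constructed log lines.
import re
from collections import Counter

# Constructed sample log; 198.51.100.7 fails repeatedly, bob fails once.
LOG = """\
Mar 1 10:00:01 host sshd[100]: Accepted password for alice from 10.0.0.8 port 5000
Mar 1 10:00:05 host sshd[101]: Failed password for invalid user admin from 198.51.100.7 port 40001
Mar 1 10:00:06 host sshd[102]: Failed password for invalid user admin from 198.51.100.7 port 40002
Mar 1 10:00:07 host sshd[103]: Failed password for root from 198.51.100.7 port 40003
Mar 1 10:00:08 host sshd[104]: Failed password for root from 198.51.100.7 port 40004
Mar 1 10:00:09 host sshd[105]: Failed password for root from 198.51.100.7 port 40005
Mar 1 10:00:12 host sshd[106]: Failed password for bob from 10.0.0.9 port 5001
Mar 1 10:00:20 host sshd[107]: Accepted password for bob from 10.0.0.9 port 5002
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")

# Knowledge-based: a list of signatures for events already known to be bad.
# Here the single constructed signature is any password failure for root.
SIGNATURES = [
    ("root-password-guess", re.compile(r"Failed password for root from (\S+)")),
]

def knowledge_based(log):
    """Return (signature_name, source_ip) for every line matching a signature."""
    alerts = []
    for line in log.splitlines():
        for name, pattern in SIGNATURES:
            m = pattern.search(line)
            if m:
                alerts.append((name, m.group(1)))
    return alerts

def behaviour_based(log, threshold=3):
    """Return (source_ip, failures) for sources whose failures reach the threshold.

    No knowledge of specific bad events is needed; the alert comes from the
    deviation from the baseline (a normal user fails once or twice, not five times).
    """
    failures = Counter()
    for line in log.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
    return [(src, n) for src, n in failures.items() if n >= threshold]
```

Note what each approach misses: the signature detector says nothing about the two "invalid user admin" failures because no signature covers them, and the behaviour detector would miss a single root failure that stayed under the threshold.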
Detection Key components
 Monitoring Systems
 Alerting Mechanisms
 Behavioral Analytics
 Log Analysis
Prevention
 Implement a layered security solution
◦ Make computer break-ins harder
 Installing a corporate firewall
◦ Limits network access
 Intrusion prevention systems
◦ Block viruses, malformed packets, and other threats
 Installing antivirus software
◦ Scans for sequence of bytes or virus signature
◦ United States Computer Emergency Readiness Team (US-CERT) serves as clearinghouse
Prevention
 Access Control
 Patch Management
 Firewall and Perimeter
 Encryption
 Security Awareness Training
 Regular Security Audits and Vulnerability Assessments
 Endpoint Protection
Response
 Response plan
◦ Develop well in advance of any incident
◦ Approved by:
 Legal department
 Senior management
 Primary goals
◦ Regain control and limit damage
◦ Not to monitor or catch an intruder
Response (cont'd.)
 Review
◦ Determine exactly what happened
◦ Evaluate how the organization responded
 Weigh carefully the amount of effort required to capture the perpetrator
 Consider the potential for negative publicity
 Legal precedent
◦ Hold organizations accountable for their own IT security weaknesses
Response Key components
 Incident Containment
 Eradication
 Recovery
 Communication
 Post-Incident Review (Lessons Learned)
Key considerations in Implementing Security Policies
 Ensure management buy-in and support.
 Communicate the policy to all employees.
 Provide training on the policy.
 Monitor compliance and enforce the policy.
Risk Management
 Process of identifying, assessing, and mitigating security risks to protect an organization's assets.
Key Elements of Risk Management
• Risk Identification: Identify assets and potential threats (e.g., cyber-attacks, insider threats, natural disasters).
• Risk Assessment: Determine the likelihood and impact of identified risks.
• Risk Mitigation: Implement controls to reduce risk (e.g., firewalls, encryption, access controls).
• Risk Monitoring: Continuously monitor and review risks to address new threats.
Vulnerability Assessments
 Identify and evaluate security weaknesses in a system.
◦ Scanning for vulnerabilities (e.g., software flaws, outdated systems).
◦ Evaluating the impact of discovered vulnerabilities.
◦ Providing recommendations for fixing vulnerabilities.
Penetration Testing
 Simulates real-world attacks to identify exploitable vulnerabilities.
 External (from outside the network) and internal (from within the network).
◦ Planning and reconnaissance.
◦ Scanning and gaining access.
◦ Maintaining access and exploitation.
◦ Reporting findings and remediation suggestions.
Security Audits
 Assess overall security posture and compliance with policies/regulations.
 Internal audits (by the organization) and external audits (by third parties).
◦ Review of policies, procedures, and technical controls.
◦ Assessment of security configurations and access controls.
◦ Reporting compliance gaps and recommendations.
The End

Questions??
