Computer and Information System Security

 Computer security focuses on the security attacks, security mechanisms and security services.

 Security attacks are the reasons for breach of security. Security attacks comprise of all actions that

breaches the computer security.

 Security mechanisms are the tools that include the algorithms, protocols or devices, that are designed to

detect, prevent, or recover from a security attack.

 Security services are the services that are provided by a system for a specific kind of protection to the

system resources.

The purpose of computer security is to provide reliable security services in the environments suffering

security attacks, by using security mechanisms. The security services use one or more security

mechanism(s).

Security Threat and Security Attack

 A threat is a potential violation of security and causes harm. A threat can be a malicious

program, a natural disaster or a thief.

 Vulnerability is a weakness of system that is left unprotected. Systems that are vulnerable are exposed to

threats.

 Threat is a possible danger that might exploit vulnerability; the actions that cause it to occur are the

security attacks. For example, if we leave the house lock open—it is vulnerable to theft; an intruder in

our locality (might exploit the open lock) is a security threat; the intruder comes to know of the open

lock and gets inside the house—This is a security attack.

A security attack may be a passive attack or an active attack.

 The aim of a passive attack is to get information from the system but it does not affect the system

resources. In other words, it aims at obtaining unauthorized access to information. Passive attacks

include eavesdropping and intercepting on communication channels. Passive attacks ma analyzes the

traffic to find the nature of communication that is taking place, or, release the contents of the message to
 a person other than the intended receiver of the message. Passive attacks are difficult to detect because

they do not involve any alteration of the data. Thus, the emphasis in dealing with passive attacks is on

prevention rather than detection.

 Active attack (masquerade): An active attack tries to alter the system resources or affect its operations.

Active attack may modify the data or create a false data. An active attack may be a masquerade (an

entity pretends to be someone else), replay (capture events and replay them), modification of messages,

and denial of service. Active attacks are difficult to prevent. However, an attempt is made to detect an

active attack and recover from them.

Security attacks can be on users, computer hardware and computer software.

 Attacks on users could be to the identity of user and to the privacy of user. Identity attacks result in

someone else acting on your behalf by using personal information like password, PIN number in an

ATM, credit card number, social security number etc (Identity theft, impersonation).

 Attacks on the privacy of user involve tracking of users’ habits and actions—the website user visits, the

buying habit of the user etc. Cookies and spam mails are used for attacking the privacy of users.

 Attacks on computer hardware could be due to a natural calamity like floods or earthquakes; due to

power related problems like power fluctuations etc.; or by destructive actions of a burglar.

 Software attacks harm the data stored in the computer. Software attacks may be due to

malicious software, or, due to hacking. Malicious software or malware is a software code

included into the system with a purpose to harm the system. Hacking is intruding into another computer

or network to perform an illegal act.

Security Attacks/ Threats

Malicious Software

Malicious users use different methods to break into the systems. The software that is

intentionally included into a system with the intention to harm the system is called malicious software.

Viruses, Trojan horse, and Worms are examples of malicious programs.

It can attach itself to other healthy programs.

 It can replicate itself and thus can spread across a network.

 It is difficult to trace a virus after it has spread across a network.

 Viruses harm the computer in many ways—

o corrupt or delete data or files on the computer,

o change the functionality of software applications,

o use e-mail program to spread itself to other computers,

o erase everything on the hard disk,

o degrade performance of the system by utilizing resources such as memory or disk space.

 Virus infects an executable file or program. The virus executes when a program infected with virus is

executed or you start a computer from a disk that has infected system files.

 Once a virus is active, it loads into the computer’s memory and may save itself to the hard drive or

copies itself to applications or system files on the disk.

 However, viruses cannot infect write protected disks or infect written documents. Viruses do not infect

an already compressed file. Viruses also do not infect computer hardware; they only infect software.

 Viruses are most easily spread by attachments in e-mail messages. Viruses also spread through

download on the Internet.

Worms: Worm is self-replicating software that uses network and security holes to replicate itself. A

copy of the worm scans the network for another machine that has a specific security hole. It copies itself

to the new machine using the security hole, and then starts replicating from there, as well. A worm is

however different from a virus. A worm does not modify a program like a virus; however, it replicates

so much that it consumes the resources of the computer and makes it slow.

Trojan Horse

Trojan horse is destructive programs that masquerade as useful programs. Users install Trojan horses
thinking that it will serve a useful purpose such as a game or provide entertainment. However, Trojan

horses contain programs that corrupt the data or damage the files. Trojan horses can corrupt software

applications. They can also damage files

and can contain viruses that destroy and corrupt data and programs. Trojan horse does not

replicate themselves like viruses.

Hacking

Hacking is the act of intruding into someone else’s computer or network. A hacker is someone who does

hacking. Hacking may result in a Denial of Service (DoS) attack. The DoS attack prevents authorized

users from accessing the resources of the computer. It aims at making the computer resource unusable or

unavailable to its intended users. It targets the computer and its network connections, to prevent the user

from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the

affected computer. In a DoS attack, the services of the entire network, an Internet site or service, may be

suppressed or disabled. The affected machine is flooded with spurious requests and messages so as to

overload the network. As a result, the affected machine cannot process the valid requests. This is a

denial of service to the valid users. Generally, the targets of such attacks are the sites hosted on high-

profile web servers such as banks and credit card payment gateways.

Packet sniffing, E-mail hacking and Password cracking are used to get the username and password of

the system to gain unauthorized access to the system. These methods gather the information when the

data is being transmitted over the network.

Packet Sniffing

The data and the address information are sent as packets over the Internet. The packets may contain data

like a user name and password, e-mail messages, files etc. Packet sniffing programs are used to intercept

the packets while they are being transmitted from source to destination. Once intercepted, the data in the

packets is captured and recorded. Generally, packet sniffers are interested in packets carrying the

username and password. Packet sniffing attacks normally go undetected.

Password Cracking
Cracking of password is used by hackers to gain access to systems. The password is generally stored in

the system in an encrypted form. Utilities like Password cracker is used to crack the encrypted

passwords. Password cracker is an application that tries to obtain a password by repeatedly generating

and comparing encrypted passwords or by authenticating multiple times to an authentication source.

E-mail Hacking

The e-mail transmitted over the network contains the e-mail header and the content. If this header and

the content are sent without encryption, the hackers may read or alter the messages in transit. Hackers

may also change the header to modify the sender’s name or redirect the messages to some other user.

Hackers use packet replay to retransmit message packets over a network. Packet replay may cause

serious security threats to programs that require authentication sequences. A hacker may replay the

packets containing authentication data to gain access to the resources of a computer.

Security Services

The security services provide specific kind of protection to system resources. Security services ensure

Confidentiality, Integrity, Authentication, and Non-Repudiation of data or message stored on the

computer, or when transmitted over the network. Additionally, it provides assurance for access control

and availability of resources to its authorized users.

 Confidentiality—The confidentiality aspect specifies availability of information to only authorized

users. In other words, it is the protection of data from unauthorized disclosure. It requires ensuring the

privacy of data stored on a server or transmitted via a network, from being intercepted or stolen by

unauthorized users. Data encryption stores or transmits data, in a form that unauthorized users cannot

understand. Data encryption is used for ensuring confidentiality.

 Integrity—It assures that the received data is exactly as sent by the sender, i.e. the data has not been

modified, duplicated, reordered, inserted or deleted before reaching the intended recipient. The data

received is the one actually sent and is not modified in transit.

 Authentication—Authentication is the process of ensuring and confirming the identity of the user
before revealing any information to the user. Authentication provides confidence in the identity of the

user or the entity connected. It also assures that the source of the received data is as claimed.

Authentication is facilitated by the use of username and password, smart cards, biometric methods like

retina scanning and fingerprints.

 non-Repudiation prevents either sender or receiver from denying a transmitted message. For a

message that is transmitted, proofs are available that the message was sent by the alleged sender and the

message was received by the intended recipient. For example, if a sender places an order for a certain

product to be purchased in a particular quantity, the receiver knows that it came from a specified sender.

Non-repudiation deals with signatures.

 Access Control—It is the prevention of unauthorized use of a resource. This specifies the users who

can have access to the resource, and what are the users permitted to do once access is allowed.

 Availability—It assures that the data and resources requested by authorized users are available to

them when requested.

Security Mechanisms

Security mechanisms deal with prevention, detection, and recovery from a security attack. Prevention

involves mechanisms to prevent the computer from being damaged. Detection requires mechanisms that

allow detection of when, how, and by whom an attacked occurred. Recovery involves mechanism to

stop the attack, assess the damage done, and then repair the damage.

Security mechanisms are built using personnel and technology.

 Personnel are used to frame security policy and procedures, and for training and awareness.

 Security mechanisms use technologies like cryptography, digital signature, firewall, user identification

and authentication, and other measures like intrusion detection, virus protection, and, data and

information backup, as countermeasures for security attack.

CRYPTOGRAPHY

Cryptography is the science of writing information in a “hidden” or “secret” form and is an ancient art.

Cryptography is necessary when communicating data over any network, particularly the Internet. It
protects the data in transit and also the data stored on the disk. Some terms commonly used in

cryptography are:

 Plaintext is the original message that is an input, i.e. unencrypted data.

 Cipher and Code—Cipher is a bit-by-bit or character-by-character transformation without regard to

the meaning of the message. Code replaces one word with another word or symbol. Codes are not used

any more.

 Cipher text—It is the coded message or the encrypted data.

 Encryption—It is the process of converting plaintext to cipher text, using an encryption

algorithm.

 Decryption—It is the reverse of encryption, i.e. converting cipher text to plaintext, using a decryption

algorithm.

Cryptography uses different schemes for the encryption of data. These schemes constitute a pair of

algorithms which creates the encryption and decryption, and a key.

Key is a secret parameter (string of bits) for a specific message exchange context. Keys are important, as

algorithms without keys are not useful. The encrypted data cannot be accessed without the appropriate

key. The size of key is also important. The larger the key, the harder it is to crack a block of encrypted

data. The algorithms differ based on the number of keys that are used for encryption and decryption. The

three cryptographic schemes are as follows:

 Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption,

 Public Key Cryptography (PKC): Uses one key for encryption and another for decryption,

 Hash Functions: Uses a mathematical transformation to irreversibly encrypt information.

In all these schemes, algorithms encrypt the plaintext into cipher text, which in turn is decrypted into

plaintext.

Secret Key Cryptography

 Secret key cryptography uses a single key for both encryption and decryption. The sender uses the key

to encrypt the plaintext and sends the cipher text to the receiver. The receiver applies the same key to
decrypt the message and recover the plaintext. Since a single key is used for encryption and decryption,

secret key cryptography is also called symmetric encryption.

Secret key cryptography (uses a single key for both encryption and decryption)

 Secret key cryptography scheme are generally categorized as stream ciphers or block ciphers.

 Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of

feedback mechanism so that the key is constantly changing.

 Block cipher encrypts one block of data at a time using the same key on each block. In general, the

same plaintext block will always encrypt to the same cipher text when using a same key in a block

cipher.

 Secret key cryptography requires that the key must be known to both the sender and the

receiver. The drawback of using this approach is the distribution of the key. Any person who has the key

can use it to decrypt a message. So, the key must be sent securely to the receiver, which is a problem if

the receiver and the sender are at different physical locations.

 Data Encryption Standard (DES) and Advanced Encryption Standard (AES) are some of the secret key

cryptography algorithms that are in use nowadays.

Public-Key Cryptography

 Public-key cryptography facilitates secure communication over a non-secure communication channel

without having to share a secret key.

 Public-key cryptography uses two keys one public key and one private key.

 The public key can be shared freely and may be known publicly.

 The private key is never revealed to anyone and is kept secret.

 The two keys are mathematically related although knowledge of one key does not allow

someone to easily determine the other key.

 The plaintext can be encrypted using the public key and decrypted with the private key and conversely

the plaintext can be encrypted with the private key and decrypted with the public key. Both keys are
required for the process to work. Because a pair of keys is

required for encryption and decryption; public-key cryptography is also called asymmetric encryption.

 Rivest, Shamir, Adleman (RSA) is the first and the most common public-key cryptography algorithm

in use today. It is used in several software products for key exchange, digital signatures, or encryption of

small blocks of data. The Digital Signature Algorithm (DSA) is used to provide digital signature

capability for the authentication of messages.

Hash Functions

Hash function (have no key since plain text is not recoverable from cipher text)

 Hash functions are one-way encryption algorithms that, in some sense, use no key. This scheme

computes a fixed-length hash value based upon the plaintext. Once a hash function is used, it is difficult

to recover the contents or length of the plaintext

 Hash functions are generally used to ensure that the file has not been altered by an intruder or virus.

Any change made to the contents of a message will result in the receiver calculating a different hash

value than the one placed in the transmission by the sender.

 Hash functions are commonly employed by many operating systems to encrypt passwords.

Message Digest (MD) algorithm and Secure Hash Algorithm (SHA) are some of the common use hash

algorithms. The different cryptographic schemes are often used in combination for a secure

transmission. Cryptography is used in applications like, security of ATM cards, computer passwords,

and electronic commerce. Cryptography is used to protect data from theft or alteration, and also for user

authentication.

Certification Authorities (CA) are necessary for widespread use of cryptography for e-commerce

applications. CAs are trusted third parties that issue digital certificates for use by other parties. A CA

issues digital certificates which contains a public key, a name, an expiration date, the name of authority

that issued the certificate, a serial number, any policies describing how the certificate was issued, how

the certificate may be used, the digital signature of the certificate issuer, and any other information.

Digital Signature
A signature on a legal, financial or any other document authenticates the document. A photocopy of that

document does not count. For computerized documents, the conditions that a signed document must

hold are (1) The receiver is able to verify the sender (as claimed), (2) The sender cannot later repudiate

the contents of the message, (3) The receiver cannot concoct the message himself. A digital signature is

used to sign a computerized document. The properties of a digital signature are same as that of ordinary

signature on a paper. Digital signatures are easy for a user to produce, but difficult for anyone else to

forge. Digital signatures can be permanently tied to the content of the message being signed and then

cannot be moved from one document to another, as such an attempt will be detectable.

Firewall

A firewall is a security mechanism to protect a local network from the threats it may face while

interacting with other networks (Internet). A firewall can be a hardware component, a software

component, or a combination of both. It prevents computers in one network domain from

communicating directly with other network domains. All communication takes place through the

firewall, which examines all incoming data before allowing it to enter the local network

Functions of Firewall—The main purpose of firewall is to protect computers of an organization (local

network) from unauthorized access. Some of the basic functions of firewall are:

 Firewalls provide security by examining the incoming data packets and allowing them to enter the

local network only if the conditions are met.

 Firewalls provide user authentication by verifying the username and password. This ensures that only

authorized users have access to the local network.

 Firewalls can be used for hiding the structure and contents of a local network from external users.

Working of Firewall—The working of firewall is based on a filtering mechanism. The filtering

mechanism keeps track of source address of data, destination address of data and contents of data. The

filtering mechanism allows information to be passed to the Internet from a local network without any

authentication. It makes sure that the downloading of information from the Internet to a local network

happens based only on a request by an authorized user.

 Gateway—The computer that helps to establish a connection between two networks is called gateway.

A firewall gateway is used for exchanging information between a local network and the Internet.

 Proxy Server—A proxy server masks the local network’s IP address with the proxy server IP address,

thus concealing the identity of local network from the external network. Web proxy and application-

level gateway are some examples of proxy servers. A firewall can be deployed with the proxy for

protecting the local network from external network.

 Screening Routers—They are special types of routers with filters, which are used along with the

various firewalls. Screening routers check the incoming and outgoing traffic based on the IP address,

and ports.

Users Identification and Authentication

Identification is the process whereby a system recognizes a valid user’s identity. Authentication is the

process of verifying the claimed identity of a user. For example, a system uses user password for

identification. The user enters his password for identification. Authentication is the system which

verifies that the password is correct, and thus the user is a valid user. Before granting access to a system,

the user’s identity needs to be authenticated. If users are not properly authenticated then the system is

potentially vulnerable to access by unauthorized users. If strong identification and authentication

mechanisms are used, then the risk that unauthorized users will

gain access to a system is significantly decreased.

Authentication is done using one or more combinations of—what you have (like smartcards), what you

know (Password), and what you are (Biometrics like Fingerprints, retina scans).

User Name and Password

The combination of username and password is the most common method of user identification and

authentication. The systems that use password authentication first require the user to have a username

and a password. Next time, when the user uses the system, user enters their username and password. The

system checks the username and password by comparing it to the stored password for that username. If
it matches, the user is authenticated and is granted access to the system.

However, there are several security issues with the use of password, like, any invalid user if gets to

know of a valid password can get access to the system, a simple password can be easily cracked etc.

According to CERT, approximately 80% of all network security issues are caused by bad passwords.

Some actions that can be taken to make the passwords safer are as follows:

 It is good to change passwords periodically. This decreases chances of cracking passwords.

 Make a password complex, like mix case, use numbers and special characters. This decreases ability of

automated attacks by increasing possible character combinations.

 Use longer passwords so as to create exponentially higher number of permutations and

combinations of characters used, making them difficult to break. One can also use a passphrase.

 Be cautious not to leave passwords lying around and don’t share them with friends.

 Do not use your or your families’ name, age, address, city etc., as part of the passwords.

Nearly all modern multiuser computer and network operating systems, at the very least, employ

passwords to protect and authenticate users accessing computer and network resources. The passwords

are not kept in plaintext, but are generally encrypted using some sort of hash scheme.

Smart Card

A smart card is in a pocket-sized card with embedded integrated circuits which can process data. With

an embedded microcontroller, smart cards have the unique ability to store large amounts of data, carry

out their own on-card functions (e.g. encryption and mutual authentication) and interact intelligently

with a smart card reader. A smart card inserted into a smart card reader makes a direct connection to a

conductive contact plate on the surface of the card (typically gold plated). Transmission of commands,

data, and card status takes place over these physical contact points.

The smart card is made of plastic, generally PVC. The card may embed a hologram. Using smart cards

is a strong security authentication for single sign-on within large companies and organizations. Smart

cards are used in secure identity applications like employee-ID badges, citizen-ID documents, electronic
passports, driver license and online authentication devices.

Biometric Techniques

Biometrics is the science and technology of measuring and statistically analyzing biological data. In

information technology, biometrics refers to technologies that measures and analyzes human traits for

authentication. This can include fingerprints, eye retinas and irises, voice patterns, facial patterns and

hand measurements, for authentication purposes. Biometrics is still not widely used, though it may play

a critical role in future computers. For example, many PCs nowadays include a fingerprint scanner

where you could place your index finger. The computer analyzes the fingerprint to determine your

identity and authenticate you. Biometric systems are relatively costly and are used in environments

requiring high-level security.

Other Security Measures

In addition to the above discussed security techniques, several other security techniques are used for

security purposes. Some of these are listed below:

 Intrusion Detection Systems—They complement firewalls to detect if internal assets are being

hacked or exploited. A Network-based Intrusion Detection monitors real-time network traffic for

malicious activity and sends alarms for network traffic that meets certain attack patterns or signatures. A

Host-based Intrusion Detection monitors computer or server files for anomalies and sends alarms for

network traffic that meets a predetermined attack signature.

 Virus Protection Software—They should be installed on all network servers, as well as computers.

They screen all software coming into your computer or network system (files, attachments, programs,

etc.) preventing a virus from entering into the system. E.g Kaspersky, Norton

 Data and Information Backups—It is required for disaster recovery and business continuity. Back-

ups should be taken daily and periodically (weekly) and should be kept for at least 30 days while

rotating stockpile.

 Secure Socket Layer (SSL) Used for ensure secure communication over the internet. SSL allows

both server authentication (mandatory) and client authentication (optional). It uses public-key
cryptography (RSA algorithm). HTTP Secure (HTTPS) is an extension to HTTP to provide secure

exchange of documents over the WWW

 IP Security (IPsec) Protocol—IPsec, allows authentication, encryption, and compression of IP traffic.

IPsec can be used to protect any application traffic across the Internet. Applications need not be

specifically designed to use IPsec, unlike SSL where the use of SSL must be incorporated into the

design of application.

Security Awareness

The aim of the security awareness is to enhance the security of the organization’s resources by

improving the awareness of the need to secure the system resources. Staff members play a critical role in

protecting the integrity, confidentiality, and availability of Information systems and networks. It is

necessary for an organization to train their staff for security awareness and accepted computer practices.

Security of resources can be ensured when the people using it are aware of the need to secure their

resources. Security awareness of staff includes the knowledge of practices that must be adhered to, for

ensuring the security and the possible consequences of not using those security practices. For example,

not disclosing your password to unauthorized users is a security practice, but if the users are not aware

of the possible consequences of disclosing the password, they may disclose their password to other

users, unintentionally, thus making their systems prone to security attack. In order to make the users and

people in an organization aware of the security practices to be followed, regular training programs are

conducted in organizations. Awareness is also promoted by regular security awareness sessions,

videotapes, newsletters, posters, and flyers.