
Computer Security Grade 9

The document provides an overview of information and computer security, detailing key concepts such as the pillars of security (Confidentiality, Integrity, Availability), vulnerabilities, threats, and various types of malicious code. It emphasizes the importance of understanding security definitions, the balance between security components, and the need for effective defense mechanisms against cyber threats. Additionally, it discusses critical infrastructure areas and the implications of different types of attacks on computer systems.

Uploaded by

yonathan mekonen

Unit 5. Information and Computer Security

Yoseph Amene
Department of Information Technology
February 2024

VISION ACADEMY

Introduction to Security
Outline
1. Examples – Security in Practice
2. What is “Security”?
3. Pillars of Security: Confidentiality, Integrity, Availability (CIA)
4. Vulnerabilities, Threats, and Controls
5. Attackers
6. How to React to an Exploit?
7. Methods of Defense
8. Principles of Computer Security
2
[Word cloud of security topics: information hiding, applications, negotiation, privacy, integrity, access control, threats, data provenance, biometrics, semantic web security, fraud, policy making, trust, computer epidemics, encryption, data mining, anonymity, formal models, system monitoring, vulnerabilities, network security]

3
Critical Security Infrastructure Areas
 Include:
 Telecommunications
 Electrical power systems
 Water supply systems
 Gas and oil pipelines
 Transportation
 Government services
 Emergency services
 Banking and finance
 …

4
2. What is a “Secure” Computer System?
 To decide whether a computer system is “secure”,
you must first decide what “secure” means to you,
then identify the threats you care about.

You Will Never Own a Perfectly Secure System!

 Threats - examples

Viruses, trojan horses, etc.

Stolen Customer Data

Modified Databases

Identity Theft and other threats to personal privacy

Equipment Theft

Hack-tivism

Cyber terrorism

5
3. Basic Components of Security: Confidentiality, Integrity, Availability (CIA)

[Diagram: C, I and A drawn as three overlapping regions; their common intersection S marks the secure state (S = Secure)]

 CIA
 Confidentiality: Who is authorized to use the data?
 Integrity: Is the data “good”?
 Availability: Can the data be accessed whenever it is needed?

6
Need to Balance CIA
 Example 1: C vs. I+A
 Disconnect a computer from the Internet to increase confidentiality
 Availability suffers; integrity suffers due to lost updates

 Example 2: I vs. C+A
 Have extensive data checks by different people/systems to increase integrity
 Confidentiality suffers as more people see the data; availability suffers due to locks on data under verification

7
Confidentiality
 “Need to know” basis for data access
 How do we know who needs what data?
Approach: access control specifies who can
access what
 How do we know a user is the person she claims to be?
Need her identity and need to verify this identity
Approach: identification and authentication
 Analogously: “Need to access/use” basis for
physical assets
 E.g., access to a computer room, use of a desktop
 Confidentiality is:
 difficult to ensure
 easiest to assess in terms of success (binary in nature: Yes / No)
8
Integrity
 Integrity vs. Confidentiality
 Integrity is concerned with unauthorized modification of assets (= resources)
 Confidentiality is concerned with unauthorized access to assets

Integrity is more difficult to measure than
confidentiality
Not binary – degrees of integrity
Context-dependent - means different things in
different contexts
Could mean any subset of these asset properties:
{ precision / accuracy / currency / consistency /
meaningfulness / usefulness / ...}

9
Availability (1)
 Not yet understood very well
 Full implementation of availability is security’s next challenge
 E.g., full implementation of availability for Internet users (while ensuring security)

 Complex
Context-dependent
Could mean any subset of these asset (data or
service) properties :
{ usefulness / sufficient capacity /
progressing at a proper pace /
completed in an acceptable period of
time / ...}
10
Availability (2)

 We can say that an asset (resource) is available if:
  Timely request response
  Fair allocation of resources (no starvation!)
  Fault tolerant (no total breakdown)
  Easy to use in the intended way
  Provides controlled concurrency (concurrency control, deadlock control, ...)
[Pfleeger & Pfleeger]
11
4. Vulnerabilities, Threats, and Controls
Understanding Vulnerabilities, Threats, and Controls

Vulnerability = a weakness in a security system

Threat = circumstances that have a potential to
cause harm

Controls = means and ways to block a threat, which
tries to exploit one or more vulnerabilities
 Example - New Orleans disaster (Hurricane Katrina)
Q: What were the city’s vulnerabilities, threats, and controls?
A: Vulnerabilities: location below water level, geographical location in a hurricane area, …
Threats: hurricane, levee (dam) failure, terrorist attack, …
Controls: levees and other civil infrastructure, emergency response plan, …

12
 Attack (materialization of a vulnerability/threat combination)
  = exploitation of one or more vulnerabilities by a threat; tries to defeat controls

 Attack may be:
  Successful (a.k.a. an exploit)
   resulting in a breach of security, a system penetration, etc.
  Unsuccessful
   when controls block a threat trying to exploit a vulnerability
[Pfleeger & Pfleeger]

13
Kinds of Threats
 Kinds of threats:
 Interception

an unauthorized party (human or not) gains
access to an asset
 Interruption

an asset becomes lost, unavailable, or unusable
 Modification

an unauthorized party changes the state of an
asset
 Fabrication

an unauthorized party counterfeits an asset

14
Levels of Vulnerabilities / Threats

(reversed order to illustrate interdependencies)

 D) for other assets (resources)
  including people using data, s/w, h/w
 C) for data
  “on top” of s/w, since used by s/w
 B) for software
  “on top” of h/w, since run on h/w
 A) for hardware
[Pfleeger & Pfleeger]

15
A) Hardware Level of Vulnerabilities / Threats
 Add / remove a h/w device
  Ex: Snooping, wiretapping
  Snoop = to look around a place secretly in order to discover things about it or the people connected with it. [Cambridge Dictionary of American English]
  Ex: Modification, alteration of a system
  ...
 Physical attacks on h/w => need physical security: locks and guards
  Accidental (dropped PC box) or deliberate (bombing a computer room)
  Theft / destruction
   Damage the machine (spilled coffee, mice, real bugs)
   Steal the machine
   “Machinicide:” axe / hammer the machine
  ...
16
B) Software Level of Vulnerabilities / Threats
 Software Deletion
  Easy to delete needed software by mistake
  To prevent this: use configuration management software
 Software Modification
  Trojan Horses, Viruses, Logic Bombs, Trapdoors, Information Leaks (via covert channels), ...
 Software Theft
  Unauthorized copying
   via P2P, etc.
17
C) Data Level of Vulnerabilities / Threats
 How valuable is your data?

Credit card info vs. your home phone number

Source code

Visible data vs. context
 Adequate protection

Cryptography

Good if intractable for a long time

18
Types of Malicious Code
Bacterium - A specialized form of virus which does not attach to a specific file. Usage obscure.
Logic bomb - Malicious [program] logic that activates when specified conditions are met.
Usually intended to cause denial of service or otherwise damage system resources.
Trapdoor - A hidden computer flaw known to an intruder, or a hidden computer mechanism
(usually software) installed by an intruder, who can activate the trap door to gain access to the
computer without being blocked by security services or mechanisms.
Trojan horse - A computer program that appears to have a useful function, but also has a
hidden and potentially malicious function that evades security mechanisms, sometimes by
exploiting legitimate authorizations of a system entity that invokes the program.
Virus - A hidden, self-replicating section of computer software, usually malicious logic, that
propagates by infecting (i.e., inserting a copy of itself into and becoming part of) another
program. A virus cannot run by itself; it requires that its host program be run to make the virus
active.
Worm - A computer program that can run independently, can propagate a complete working
version of itself onto other hosts on a network, and may consume computer resources
destructively.
More types of malicious code exist… [cf. [Link]

19
types of malicious codes

20
Examples of Malicious Code
The most common examples of malicious code include computer viruses, Trojan horses, worms, time bombs, script attacks, spyware, ransomware, trapdoors, zombies, rabbits and logic bombs. The mechanics behind each one are covered in the following subsections.
1 Computer Viruses
A computer virus is a type of malicious application that executes and replicates itself by injecting its code into other computer programs. Once the code injection is successful and the reproduction process is complete, the targeted areas of the system become infected.
The earliest known virus dates back to the ARPANET of the 1970s, the Internet’s predecessor. Known under the name Creeper, it was not designed as malicious software, but rather as part of research into the topic of self-replicating code. Unfortunately, that soon changed for the worse, and in 1982 the first computer virus appeared in the wild. The antivirus software industry developed in response to the threat, and today advanced antivirus solutions keep devices safe.
21
2 Computer Worms
A computer worm is a kind of malicious program
that replicates itself to spread to as many devices
as possible. Its behavior is very similar to that of a
virus, which is why worms are considered a subtype
of virus. It is designed to deal maximum damage
and often spreads itself across a network. For this
reason, this type of threat is also known as a
network worm.
What sets viruses and worms apart is their propagation method. While the former requires some sort of human action to travel, the latter is built to proliferate independently. Simply put, a virus requires victims to unknowingly share infected websites or files, while a worm uses a system’s information transport features.

22
3. Trojan Horses
A Trojan horse, or simply Trojan, is an example of malicious code that
is heavily reliant on social engineering to mislead its targets. Due to
the deceptive practices associated with it, the threat was named
after the Trojan Horse that the Greeks used to sneak their way into
the independent city of Troy and subsequently conquer it.
Unlike a self-replicating computer virus, the Trojan horse requires
users to execute an infected file on the targeted device. This is
where social engineering tactics come in, which see hackers
attempting to trick victims by feigning authority or legitimacy.
Trojans do not try to inject their code into that of other files and do
not propagate across a device. Their main purpose is to create an
application backdoor that can then be further exploited by
cybercriminals to acquire banking details, login credentials, or other
personally identifiable information.

4. Internet Bots
Also known as web robots, Internet bots are software applications
created to run automated scripts. They are often used to perform
simple and repetitive tasks, such as send instant messages or crawl
websites. Facebook and Google notoriously use these ‘good bots’ to
facilitate certain everyday jobs instead of wasting the time of their
human employees.
Nonetheless, such a thing as ‘bad bots’ exists as well. To create
them, cybercriminals infect entire networks of computers with
23
5. Logic Bombs
A logic bomb is a malicious string of code that is intentionally inserted into software and programmed to set off when certain requirements are met. Inherently ill-intentioned computer applications such as viruses and worms often contain logic bombs within their makeup that allow them to execute payloads at predetermined moments.

24
6. Logic bomb - is a class of malicious code that "detonates" or goes off when a specified condition occurs. A time bomb is a logic bomb whose trigger is a time or date.
7. Trapdoor or backdoor - is a feature in a program by which someone can access the program other than by the obvious, direct call, perhaps with special privileges. For instance, an automated bank teller program might allow anyone entering the number 990099 on the keypad to process the log of everyone's transactions at that machine. In this example, the trapdoor could be intentional, for maintenance purposes, or it could be an illicit way for the implementer to wipe out any record of a crime.
25
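The 990099 keypad code on the slide above is a textbook trapdoor. The following is an added example, not code from the slides: `vulnerable_atm` keeps the hidden branch the slide describes, and `hardened_atm` removes it, turning maintenance into an explicit, authenticated role whose log reads are themselves audited and which has no path for deleting records. The account data, the transaction log, the technician identifier and the per-machine maintenance key are all constructed for the example and are assumptions, not anything the slide specifies.

```python
import hashlib
import hmac

# Constructed sample data for the example: card number -> (PIN, balance)
ACCOUNTS = {
    "4111-0001": ("1234", 500),
    "4111-0002": ("9876", 1200),
}
# Constructed transaction log; in the hardened version it is append-only.
TRANSACTION_LOG = [
    "4111-0001 withdraw 100",
    "4111-0002 deposit 300",
]


def vulnerable_atm(card, pin_entered):
    """Deliberately flawed, as on the slide: the keypad code 990099 is a
    hidden trapdoor that dumps the whole transaction log to anyone, for any
    card, without authentication and without leaving a trace."""
    if pin_entered == "990099":            # the trapdoor
        return {"role": "maintenance", "log": list(TRANSACTION_LOG)}
    if card in ACCOUNTS and ACCOUNTS[card][0] == pin_entered:
        return {"role": "customer", "balance": ACCOUNTS[card][1]}
    return None


# Assumption for the hardened version: each machine is provisioned with its
# own secret key out of band, and technicians prove possession of it with a
# keyed token rather than with a magic number typed on the keypad.
MAINTENANCE_KEY = b"assumed-per-machine-secret"
AUDIT_TRAIL = []                           # every maintenance action is recorded


def maintenance_token(technician_id):
    """Keyed token a technician presents; without MAINTENANCE_KEY it cannot be forged."""
    return hmac.new(MAINTENANCE_KEY, technician_id.encode(), hashlib.sha256).hexdigest()


def hardened_atm(card, pin_entered, maintenance=None):
    """Customer path has no hidden branch. Maintenance is a separate, explicit
    role: it needs a valid keyed token, every log read is itself logged, and
    there is no operation at all for deleting or rewriting log entries."""
    if maintenance is not None:
        technician_id, token = maintenance
        if not hmac.compare_digest(maintenance_token(technician_id), token):
            AUDIT_TRAIL.append(f"DENIED maintenance login: {technician_id}")
            return None
        AUDIT_TRAIL.append(f"log read by technician {technician_id}")
        return {"role": "maintenance", "log": list(TRANSACTION_LOG)}

    stored_pin = ACCOUNTS.get(card, (None, 0))[0]
    # Constant-time comparison so a wrong PIN takes the same time as a near miss.
    if (stored_pin is not None and isinstance(pin_entered, str)
            and hmac.compare_digest(stored_pin, pin_entered)):
        return {"role": "customer", "balance": ACCOUNTS[card][1]}
    return None


if __name__ == "__main__":
    print("vulnerable, no card, code 990099 ->", vulnerable_atm(None, "990099"))
    print("hardened,   no card, code 990099 ->", hardened_atm(None, "990099"))
    token = maintenance_token("tech-07")
    print("hardened, authenticated technician ->", hardened_atm(None, None, ("tech-07", token)))
    print("audit trail:", AUDIT_TRAIL)
```

The point of the hardened version is not the HMAC itself but the shape of the code: every way into the log is visible in the function's signature, is tied to an identity, and leaves an audit entry, so the "wipe out any record of a crime" use of the trapdoor has nothing to call.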
8. Rabbit:
Self-replicating: yes
Population growth: zero
Parasitic: no
Rabbit is the term used to describe malware that multiplies rapidly. Rabbits may also be called bacteria, for largely the same reason.
There are actually two kinds of rabbit. The first is a program which tries to consume all of some system resource, like disk space. A "fork bomb," a program which creates new processes in an infinite loop, is a classic example of this kind of rabbit. These tend to leave painfully obvious trails pointing to the perpetrator, and are not of particular interest.
26
9. Zombies: Computers that have been compromised can be used by an attacker for a variety of tasks, unbeknownst to the legitimate owner; computers used in this way are called zombies. The most common tasks for zombies are sending spam and participating in coordinated, large-scale denial-of-service attacks.

Signs that your system is infected by malware:

Slows down, malfunctions, or displays repeated error messages
Won't shut down or restart
Serves up a lot of pop-up ads, or displays them when you're not surfing the web
Displays web pages or programs you didn't intend to use, or sends emails you didn't write
27
Classification of viruses
1. appending virus
- appends itself to a program
- most often virus codes precedes
program codes.
- runs wherever a program is executed.

30
2. Surrounding viruses
- surrounds a program
- executes before and after the infected
program
- the virus covers its tracks .

31
3. Integrating viruses
- integrate themselves into the program code
- spread within infected programs

32
4. Replacing viruses
- entirely replace the real code of the
infected program file .

33
Nature of computer viruses
Computer viruses are software programs like other applications, but they attach themselves to ordinary applications and use their setup or .exe file to get installed on the computer system. Computer viruses are proving to be a main cause of crashing computer systems.

A computer virus is a malicious program that is designed to corrupt or delete the information stored in the computer.

Protective measures
1. installing antivirus
2. cleaning infected computers
3. protecting your computers by monitoring emails and downloads, and being careful while browsing the Internet
Safety rules
* do not open unidentified emails from unreliable senders
* do not download an attachment without scanning it for viruses
35
How antivirus protects your computer

1. detecting and eliminating new viruses from your computer
2. cleaning infected computers
3. protecting computers by monitoring emails and downloads, and protection while browsing the Internet

36
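An added example (not from the slides) that models the four infection strategies from the "Classification of viruses" slides on constructed byte-string "programs", then runs the two checks an antivirus relies on for step 1 above (detecting viruses): a signature scan for a known virus pattern and an integrity check against a baseline of SHA-256 hashes recorded while the programs were clean. The `VIRUS` marker, the host programs and the XOR "mutation" are constructed stand-ins; nothing here is executable malware. The last part shows why detecting a *new* virus needs more than signatures: a mutated copy slips past the signature scan while the integrity baseline still catches it.

```python
import hashlib

# Constructed stand-ins for the example: a "virus" marker and two clean host programs.
VIRUS = b"<VIRUS>"
PROGRAMS = {"calc": b"CALC-CODE", "editor": b"EDITOR-CODE"}


# The four infection strategies from the classification slides, applied to a host image.
def append_infect(host):
    """Appending virus: virus code is placed before the program code; both survive."""
    return VIRUS + host

def surround_infect(host):
    """Surrounding virus: runs before and after the host, so it can cover its tracks."""
    return VIRUS + host + VIRUS

def integrate_infect(host):
    """Integrating virus: spliced into the middle of the program code."""
    middle = len(host) // 2
    return host[:middle] + VIRUS + host[middle:]

def replace_infect(host):
    """Replacing virus: the real program code is entirely replaced (the host no longer works)."""
    return VIRUS

def mutate(code, key=0x5A):
    """Toy 'polymorphism': the same virus with different bytes (XOR with a constant)."""
    return bytes(b ^ key for b in code)


# Check 1: signature scan. Works only for viruses whose bytes are already known.
def signature_scan(image, signature=VIRUS):
    return signature in image

# Check 2: integrity baseline. Record hashes while clean, then flag anything that changed.
def baseline(programs):
    return {name: hashlib.sha256(image).hexdigest() for name, image in programs.items()}

def integrity_check(programs, known_good):
    return sorted(name for name, image in programs.items()
                  if hashlib.sha256(image).hexdigest() != known_good.get(name))


def scan_all(programs, known_good):
    """Run both checks; returns {program: (signature_hit, integrity_changed)}."""
    changed = set(integrity_check(programs, known_good))
    return {name: (signature_scan(image), name in changed)
            for name, image in programs.items()}


if __name__ == "__main__":
    clean = baseline(PROGRAMS)           # taken while the programs are known-good
    for infect in (append_infect, surround_infect, integrate_infect, replace_infect):
        infected = dict(PROGRAMS, calc=infect(PROGRAMS["calc"]))
        print(infect.__name__, scan_all(infected, clean))
    # A mutated copy evades the signature but not the integrity baseline.
    stealthy = dict(PROGRAMS, calc=mutate(VIRUS) + PROGRAMS["calc"])
    print("mutated", scan_all(stealthy, clean))
```

The integrity check is only as good as the baseline: it has to be taken from a clean system and stored where the virus cannot rewrite it, which is the same reasoning behind the "backup copies and archives" listed under physical controls later in the deck.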
Types of Attacks on Data CIA

 Disclosure
 Attack on data confidentiality
 Unauthorized modification / deception
 E.g., providing wrong data (attack on data integrity)
 Disruption
 DoS (attack on data availability)
 Usurpation
 Unauthorized use of services (attack on data confidentiality,
integrity or availability)

37
5. Attackers
 Attackers need MOM
 Method
Skill, knowledge, tools, etc. with which to pull off an
attack
 Opportunity
Time and access to accomplish an attack
 Motive
Reason to perform an attack

38
[Link] of Attackers
 Types of Attackers - Classification 1
 Amateurs

Opportunistic attackers (use a password they found)

Script kiddies
 Hackers - nonmalicious

In broad use beyond security community: also malicious
 Crackers – malicious
 Career criminals
 State-supported spies and information warriors

 Types of Attackers - Classification 2 (cf. before)
  Recreational hackers / Institutional hackers
  Organized criminals / Industrial spies / Terrorists
  National intelligence gatherers / Info warriors

39
7. Methods of Defense
 Five basic approaches to defense of computing systems
 Prevent attack
  Block attack / Close vulnerability
 Deter attack
  Make attack harder (can’t make it impossible)
 Deflect attack
  Make another target more attractive than this target
 Detect attack
  During or after
 Recover from attack
40
A) Controls
 Castle in Middle Ages              Computers Today
 ---------------------------------  ------------------------
 Location with natural obstacles    Encryption
 Surrounding moat                   Software controls
 Drawbridge                         Hardware controls
 Heavy walls                        Policies and procedures
 Arrow slits                        Physical controls
 Crenellations
 Strong gate
 Tower
 Guards / passwords
41
A.3) Controls: Hardware Controls
 Hardware devices to provide a higher degree of security
 Locks and cables (for notebooks)
 Smart cards, dongles, hardware keys, ...
 ...

42
A.5) Controls: Physical Controls
 Walls, locks
 Guards, security cameras
 Backup copies and archives
 Cables and locks (e.g., for notebooks)
 Natural and man-made disaster
protection
 Fire, flood, and earthquake protection
 Accident and terrorism protection
 ...
43
School ICT policy

A school ICT policy is the set of rules prepared by a school for the use of ICT.

Important issues regarding a school ICT policy

Statement defining ICT capability

Aims of ICT in the school

Guidance on record keeping and assessment

Guidance on health and safety

Specific rules for the use of e-mail and the Internet

Information regarding maintenance, repair and viruses

Date for review

44
End of unit 3
thank you
YOSEPH AMENE
VISION ACADEMY
MARCH 2022
