Monitor and Administer System and Network

The document provides an overview of computer security, emphasizing the importance of protecting computer systems and information from unauthorized access and threats. It distinguishes between information security and cybersecurity, outlines user account management processes, and discusses various computer security threats such as viruses and phishing. Additionally, it highlights best practices for safeguarding against security threats and the role of network security devices in maintaining secure networks.

Uploaded by

cherkos welday

Training, Teaching and Learning Materials Development Lo3

What is computer security?
• Computer security is the protection of computer systems and information from harm, theft, and unauthorized use.
• It is the process of preventing and detecting unauthorized use of your computer system.

What is the Difference between Information Security and Cybersecurity?

Information security is securing information from unauthorized access, modification and deletion.

Cybersecurity is defined as protecting computer systems that communicate over computer networks.

Why is Computer Security Important?

Monitor and Administer System and Author : Cherkos Wel… Page 1 of 28


Network Email: [email protected]
⇝ Computer security allows people to carry out their mission by:
o Enabling people to carry out their jobs, education, and research
o Supporting critical business processes
o Protecting personal and sensitive information

ENSURE USER ACCOUNTS ARE CONTROLLED

User Access
• The control of user access can take many forms and apply at several levels. Once a computer is physically accessed, the user usually logs on to gain access to applications. These applications will access data in files and folders.
We can simplify the process down to 3 things:
o Physical access
o Authentication
o Authorization

Physical access
⇝ The first layer of management and security is the physical access to the computer. To prevent unauthorized access, a company may make use of:
↪ locks on the front doors
↪ locks on each floor
↪ locks on offices
↪ security guards
↪ cameras
↪ keys on computer systems.

Authentication
⇝ Authentication is the process of verifying the identity of people who are attempting to access the network or system.
⇝ The most common method used to authenticate users is the username and password method.
⇝ Other authentication methods include:
o Certificate based: this requires the user to have an electronic certificate or token. This may also need to be digitally signed by a trusted authority. Kerberos is an example.
o Physical devices: these include the use of smartcards and biometrics. Generally the entire authentication process occurs on the local workstation, thus eliminating the need for a special server.
⇝ Whatever method is used is determined by the organizational policy and security requirements.

Identity Management

↪ In large organizations there may be thousands of users for a network. These users could be employees, contractors, partners, vendors and customers. Being able to identify and manage each of these users is most important because each user has different requirements and levels of access.

↪ This information is managed using either the Network Operating System, Directory Services or specialized Identity Management Software.

↪ Essentially, all of these use a central repository or database that contains all the user information and credentials. This presents a single location for all applications and services to use when authenticating users as required.

Authorization
↪ Once a user has been authenticated (that is, their identity has been validated) they are granted access to the network or system. For the user to then access data or an application, or execute some task or command, they need to be authorized to do so. The authorization process determines what the user can do on the network. In other words, it enforces the organization policy as applicable to the user.
↪ The Network and System administrators are responsible for the technical configuration of network operating systems, directory services and applications. Part of the configuration includes security settings that authorize user access. The administrators use an organizational policy to determine these settings.

User Account Configuration

↪ Network and System Administrators are responsible for configuring user accounts. Network operating systems and applications have many security options and settings relating to user access.

How does an administrator determine the configuration and settings for user accounts? Organization policies and procedures provide the guidelines for administrators.

User Account Settings

↪ The organization's policies should make statements as to the degree of user control that is required. Network procedures should contain details as to how these policies may be implemented. For example, the policy may state that user passwords should not be less than six characters. The procedures will then describe how the administrator should configure the operating system to ensure that all passwords are at least six characters.

↪ The administrator should review the policies to ensure that the procedures produce the desired outcomes. The procedures should describe in detail how to make use of the operating system facilities to configure user accounts in accordance with the security requirements.

↪ The actual way you set these parameters will vary with each operating environment; however, here are some basic parameters covered by most operating systems to consider when setting up user account options:

• Password requirements: whether a password is required, minimum length, complexity, whether it needs to be changed at intervals, etc.
• Account lockout settings: disabling accounts that have made a number of bad logon attempts
• Access hours: the standard days and times that users will be permitted to access the network
• Account expiry dates: the date when the account will be disabled
• Logon restrictions: accounts can only be used at specified locations or workstations
• Home directory information: a home directory is a folder that usually has the name of the user and that the user has full permissions over
• Logon scripts: these perform specific tasks or run specific programs when the user logs on
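
As an added example (not part of the original handout), the Python sketch below shows how several of the account options listed above become checks applied in order at logon time. The `Policy` and `Account` records, the function names and all sample values are assumptions made for illustration; only the six-character minimum comes from the text.

```python
from dataclasses import dataclass
from datetime import date, datetime, time
from typing import Optional


@dataclass(frozen=True)
class Policy:
    """Organizational policy. Only the six-character minimum is from the
    handout; every other value is an assumption made for this example."""
    min_password_length: int = 6
    require_letter_and_digit: bool = True
    max_bad_logons: int = 5
    access_days: frozenset = frozenset({0, 1, 2, 3, 4})  # Monday=0 .. Friday=4
    access_start: time = time(8, 0)
    access_end: time = time(18, 0)


@dataclass
class Account:
    username: str
    bad_logons: int = 0
    expires: Optional[date] = None         # None = no expiry date
    workstations: frozenset = frozenset()  # empty = any workstation


def password_findings(password: str, policy: Policy) -> list:
    """Return the policy rules a proposed password violates (empty = OK)."""
    findings = []
    if len(password) < policy.min_password_length:
        findings.append("too short")
    if policy.require_letter_and_digit and not (
        any(c.isalpha() for c in password) and any(c.isdigit() for c in password)
    ):
        findings.append("needs a letter and a digit")
    return findings


def record_bad_logon(account: Account, policy: Policy) -> bool:
    """Count a failed logon; return True once the account is locked out."""
    account.bad_logons += 1
    return account.bad_logons >= policy.max_bad_logons


def logon_decision(account: Account, policy: Policy,
                   when: datetime, workstation: str):
    """Apply the account settings in order; return (allowed, reason)."""
    if account.bad_logons >= policy.max_bad_logons:
        return False, "account locked out"
    if account.expires is not None and when.date() > account.expires:
        return False, "account expired"
    if when.weekday() not in policy.access_days:
        return False, "outside access days"
    if not (policy.access_start <= when.time() < policy.access_end):
        return False, "outside access hours"
    if account.workstations and workstation not in account.workstations:
        return False, "workstation not permitted"
    return True, "settings permit logon"


if __name__ == "__main__":
    policy = Policy()
    # Constructed sample account: a contractor limited to one workstation.
    contractor = Account("a.contractor", expires=date(2024, 6, 30),
                         workstations=frozenset({"LAB-PC-07"}))
    print(password_findings("abc12", policy))
    for moment in (datetime(2024, 6, 3, 9, 30),   # Monday, in hours
                   datetime(2024, 6, 8, 9, 30),   # Saturday
                   datetime(2024, 7, 1, 9, 30)):  # after the expiry date
        print(moment, logon_decision(contractor, policy, moment, "LAB-PC-07"))
```

These checks run after authentication has succeeded; a real operating system enforces the same settings through its own account database rather than application code.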

Computer security can be defined as controls that are put in place to provide confidentiality, integrity, and availability for all components of computer systems.

Confidentiality is ensuring that information is available only to the intended audience.

Integrity is protecting information from being modified by unauthorized parties.

Availability: the function of availability in network security is to make sure that the data and network resources/services are continuously available to legitimate users whenever they require them.

In simple language, computer security is making sure information and computer components are usable but still protected from people or software that shouldn't access or modify them.

Computer security threats

• Computer security threats are dangers that can hamper the normal functioning of your computer. In the present age, cyber threats are constantly increasing as the world is going digital. The most harmful types of computer security threats are:

Viruses
• A computer virus is a malicious program which is loaded into the user's computer without the user's knowledge. It replicates itself and infects the files and programs on the user's PC. The ultimate goal of a virus is to ensure that the victim's computer will never be able to operate properly or even at all.

Computer Worm
• A computer worm is a software program that can copy itself from one computer to another, without human interaction. The potential risk here is that it will use up your computer's hard disk space, because a worm can replicate in great volume and with great speed.

Phishing
• Disguising themselves as a trustworthy person or business, phishers attempt to steal sensitive financial or personal information through fake email or instant messages.

Botnet
• A botnet is a group of computers connected to the internet that have been compromised by a hacker using a computer virus. An individual computer is called a 'zombie computer'. The result of this threat is that the victim's computer, which is the bot, will be used for malicious activities and for larger-scale attacks such as DDoS.

Rootkit
• A rootkit is a computer program designed to provide continued privileged access to a computer while actively hiding its presence. Once a rootkit has been installed, the controller of the rootkit will be able to remotely execute files and change system configurations on the host machine.

Keylogger
• Also known as a keystroke logger, a keylogger can track the real-time activity of a user on their computer. It keeps a record of all the keystrokes made on the user's keyboard. A keylogger is also a very powerful means of stealing people's login credentials, such as usernames and passwords.

Computer Security Practices

Computer security threats are becoming persistently inventive these days. There is much need for one to arm oneself with information and resources to safeguard against these complex and growing computer security threats and stay safe online. Some preventive steps you can take include:

• Secure your computer physically by:
o Installing reliable, reputable security and anti-virus software
o Activating your firewall, because a firewall acts as a security guard between the internet and your local area network
o Staying up to date on the latest software and news surrounding your devices and performing software updates as soon as they become available
o Avoiding clicking on email attachments unless you know the source
o Changing passwords regularly, using a unique combination of numbers, letters and case types
o Using the internet with care and ignoring pop-ups and drive-by downloads while surfing
o Taking the time to research the basic aspects of computer security and educating yourself on evolving cyber-threats
o Performing daily full system scans and creating a periodic system backup schedule to ensure your data is retrievable should something happen to your computer.

What is Network Security?

@ Network security is the security provided to a network from unauthorized access and risks. It is the duty of network administrators to adopt preventive measures to protect their networks from potential security threats.
@ Computer networks that are involved in regular transactions and communication within the government, individuals, or business require security.
@ The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

Types of Network Security Devices

↪ Active Devices
These security devices block the excess traffic. Firewalls, antivirus scanning devices, and content filtering devices are examples of such devices.

↪ Passive Devices
These devices identify and report on unwanted traffic, for
example, intrusion detection appliances.

↪ Preventative Devices
These devices scan the networks and identify potential
security problems. For example, penetration testing
devices and vulnerability assessment appliances.

↪ Unified Threat Management (UTM)
These devices serve as all-in-one security devices. Examples include firewalls, content filtering, web caching, etc.

↪ Firewalls
@ A firewall is a network security system that manages and regulates the network traffic based on some protocols. A firewall establishes a barrier between a trusted internal network and the internet.
@ Firewalls exist both as software that runs on hardware and as hardware appliances. Firewalls that are hardware-based also provide other functions, like acting as a DHCP server for that network.
@ Firewalls are commonly used in private networks or intranets to prevent unauthorized access from the internet. Every message entering or leaving the intranet goes through the firewall to be examined for security measures.

Hardware and Software Firewalls

Hardware firewalls are standalone products. These are also found in broadband routers. Most hardware firewalls provide a minimum of four network ports to connect other computers. For larger networks, e.g. for business purposes, business networking firewall solutions are available.
Software firewalls are installed on your computers. A software firewall protects your computer from internet threats.

↪ Antivirus
An antivirus is a tool that is used to detect and remove malicious software. It was originally designed to detect and remove viruses from computers.
Modern antivirus software provides protection not only from viruses, but also from worms, Trojan horses, adware, spyware, keyloggers, etc. Some products also provide protection from malicious URLs, spam, phishing attacks, botnets, DDoS attacks, etc.

Content Filtering
Content filtering devices screen unpleasant and offensive emails or webpages. These are used as a part of firewalls in corporations as well as in personal computers. These devices generate the message "Access Denied" when someone tries to access any unauthorized web page or email.
Content is usually screened for pornographic content and also for violence- or hate-oriented content. Organizations also exclude shopping and job-related content.
Content filtering can be divided into the following categories:

• Web filtering
• Screening of Web sites or pages
• E-mail filtering
• Screening of e-mail for spam
• Other objectionable content

Intrusion Detection Systems

• Intrusion Detection Systems, also known as Intrusion Detection and Prevention Systems, are the appliances that monitor malicious activities in a network, log information about such activities, take steps to stop them, and finally report them.
• Intrusion detection systems help in sending an alarm against any malicious activity in the network, drop the packets, and reset the connection to save the IP address from any blockage. Intrusion detection systems can also perform the following actions:

o Correct Cyclic Redundancy Check (CRC) errors
o Prevent TCP sequencing issues
o Clean up unwanted transport and network layer options

Secure Data Transmission

There are a number of methods that use encryption to ensure that data transmission on a network is secure.

Internet Protocol Security (IPSec)

↪ This protocol defines encryption, authentication and key management for TCP/IP transmissions. It secures data in transmission by various means at the IP packet level.

The key components of IPSec are:
o Authentication Header (AH): this component authenticates and validates data packets. Each packet basically contains a digital signature.
o Encapsulating Security Payload (ESP): this component encrypts the data payload of the packet.
o Internet Key Exchange (IKE): the above components AH and ESP use asymmetric encryption. IKE manages the public/private key exchanges for encryption and decryption.
IPSec can operate in two modes:
• 'Transport' mode encrypts communications between two hosts.
• 'Tunnel' mode places an encrypted IP packet into a traditional IP packet to 'tunnel through' to a destination. This is used to support VPN transmissions.

↪ Point-to-Point Tunnelling Protocol (PPTP)
The original Point-to-Point Protocol (PPP) is an encapsulation protocol for transporting IP traffic over point-to-point connections.
The Point-to-Point Tunnelling Protocol (PPTP) is an expansion of the existing Point-to-Point Protocol (PPP). PPTP uses the same principle of encapsulating other protocol packets so that they can be transported via a switched network (the Internet) to a specific destination.
The destination receives the PPTP packet and extracts the encapsulated data. PPTP also supports encryption and authentication.
This protocol is a proprietary Microsoft development and is widely used in conjunction with VPN.

↪ Layer 2 Tunnelling Protocol (L2TP)
This protocol is similar to PPTP but was developed by a number of industry consortia. This protocol has become the method of choice for Microsoft Windows VPN.
L2TP is just a tunnelling protocol. It is generally used with IPSec to provide encryption.

↪ Virtual Private Network (VPN)
Virtual Private Networks are basically a secure connection through a network (Internet, WAN, etc.) that connects either computers or networks together. These connections make remote users appear as though they are on one single network.
The main functions provided by VPNs are tunneling, data security, data integrity and authentication.

↪ Secure Sockets Layer (SSL)

This is a method of encrypting TCP/IP transmissions between hosts. It is used to encrypt web pages and data on web forms en route. The encryption method uses public key encryption. It requires digital certificates.

URLs prefixed with 'HTTPS' initiate an SSL session between the web browser and web server. Most online banking facilities will direct you to a secure site with 'HTTPS' at the beginning of the address.

↪ Secure Shell (SSH)

This provides a secure means of establishing remote connections to a host. It provides authentication via the exchange of digital certificates and uses public key encryption. It is mainly used in Unix/Linux environments and is a means of using insecure protocols (telnet, ftp, etc.) in a secure fashion.

↪ Pretty Good Privacy (PGP)

This is one of the most popular encryption programs. This is a public key encryption system that provides authentication and encryption. It is commonly used for email transmissions and supports a wide range of operating systems. Both commercial and open source versions are available.

↪ Secure Data Storage

Encryption may be used to protect the confidentiality, integrity and authenticity of data in storage, such as that on a hard disk drive or tape. Encryption methods as discussed previously may be used, but careful consideration must be given to the consequences of this.

Encrypting and decrypting data creates a significant overhead in terms of time and effort and will affect the accessibility and management of the data. There may be key management issues: numerous key pairs required, digital signatures and a CA (certificate authority) required. Implementation will be determined by the business or organization needs and requirements.

Cryptographic Communication

• Terminology
o Cryptography: Schemes for encryption and decryption
o Encryption: The process by which plaintext is converted into cipher text.
o Decryption: Recovering plaintext from the cipher text
o Secret key: Used to set some or all of the various parameters used by the encryption algorithm. In classical (symmetric key) cryptography, the same secret key is used for encryption and decryption
o Cryptanalysis: The study of "breaking the code". Cryptanalysts!
o Cryptology: Cryptography and cryptanalysis together constitute the area of cryptology.

Cryptography has five ingredients:

• Plaintext
• Encryption algorithm
• Secret Key
• Cipher text
• Decryption algorithm
The input message, called plaintext, is encrypted with a secret (encryption) key. The encrypted message is called cipher text, which moves through an unsecure communication channel, the Internet for example.

• An old and very simple example of cryptography, based on number theory, is due to Julius Caesar and is called Caesar ciphering.
o The idea was a simple shifting of letters.
o Replace every letter in the plain text message by the letter three letters to the right to get the coded message.
o To decode the coded message, one needs to shift each letter 3 units toward the left.

⇝ The correspondence of the Caesar cipher is shown below:

Clear text   A B C D …. Z
Cipher text  D E F G …. A

Example: I LOVE MATH could be seen as ILOVEMATH, just for the sake of simplification. Using Caesar ciphering to encode the message, it would read "L ORYH PDWK". To decrypt this message we will shift backward by (-3).

For Caesar ciphering, we have the following two equations:

1. For encrypting the original message: $E(m) = (m + 3) \bmod 26$
2. For decrypting the coded message: $D(s) = (s - 3) \bmod 26$

For example: [Y] corresponds to the number 24.

Therefore, using the above equations to encrypt the letter Y, let's use

$$
\begin{aligned}
E(m) &= (m + 3) \bmod 26 \\
     &= (24 + 3) \bmod 26 \\
     &= 27 \bmod 26 \\
     &= 1
\end{aligned}
$$

which produces the letter B.

To decrypt the coded message we will use

$$
\begin{aligned}
D(s) &= (s - 3) \bmod 26 \\
     &= (1 - 3) \bmod 26 \\
     &= -2 \bmod 26 \\
     &= 26 - 2 \\
     &= 24
\end{aligned}
$$

which produces Y.

Exercise: Decrypt the message given below.

A) KRZ DUH BRX VWXGHQWV

• Affine cipher: another type of substitution cipher. You pick two variables "a" and "b" and set
1. Encryption: $E(m) = (am + b) \bmod 26$
   Gcd(a, 26)
2. Decryption: $D(s) = x(s - b) \bmod 26$
   $ax \equiv 1 \pmod{26}$
Example: 'A' corresponds to '0'.
Take the values a = 3 and b = 2.

Encrypting:

$$
\begin{aligned}
E(m) &= (am + b) \bmod 26 \\
     &= (3(0) + 2) \bmod 26 \\
     &= (0 + 2) \bmod 26 \\
     &= 2
\end{aligned}
$$

which produces 'C'.

To decrypt the message, $D(s) = x(s - b) \bmod 26$, where x is found from:

$$
\begin{aligned}
ax &\equiv 1 \pmod{26} \\
3x &\equiv 1 \pmod{26} \\
3x &= 26 + 1 \\
3x &= 27 \\
x  &= 9
\end{aligned}
$$

Therefore:

$$
\begin{aligned}
D(s) &= x(s - b) \bmod 26 \\
     &= 9(2 - 2) \bmod 26 \\
     &= 9(0) \bmod 26 \\
     &= 0
\end{aligned}
$$

which produces A.

S corresponds to the number 18. Encrypting:

$$
\begin{aligned}
E(m) &= (am + b) \bmod 26 \\
     &= (3(18) + 2) \bmod 26 \\
     &= (54 + 2) \bmod 26 \\
     &= 56 \bmod 26 \\
     &= 4
\end{aligned}
$$

which produces 'E'.

To decrypt the message:

$$
\begin{aligned}
D(s) &= x(s - b) \bmod 26 \\
     &= 9(4 - 2) \bmod 26 \\
     &= 9(2) \bmod 26 \\
     &= 18
\end{aligned}
$$

which produces S.
Exercise :
Decrypt the given message using Affine Ciphering and find
the Original Message

A: FBCNS
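
The Caesar and affine equations worked through above, as an added Python example (not part of the original handout). It goes slightly beyond the text: the Caesar cipher is treated as the affine cipher with a = 1, and the inverse x is computed with the extended Euclidean algorithm rather than by trial. Function names are assumptions; an inverse exists only when gcd(a, 26) = 1, which leaves just 312 usable keys, so these ciphers are for learning and give no real protection.

```python
from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # A=0 ... Z=25, as in the handout
M = len(ALPHABET)


def mod_inverse(a: int, m: int = M) -> int:
    """Return x with a*x = 1 (mod m), via the extended Euclidean algorithm."""
    if gcd(a, m) != 1:
        raise ValueError(f"a={a} has no inverse mod {m}; "
                         "two plaintext letters would share a cipher letter")
    old_r, r = a % m, m
    old_x, x = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
    return old_x % m


def _map_letters(text: str, f) -> str:
    """Apply f to the number of each ASCII letter; keep case, pass others."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            c = ALPHABET[f(ALPHABET.index(ch.upper()))]
            out.append(c if ch.isupper() else c.lower())
        else:
            out.append(ch)
    return "".join(out)


def affine_encrypt(text: str, a: int, b: int) -> str:
    """Encrypt each letter m as (a*m + b) mod 26."""
    mod_inverse(a)  # refuse a multiplier that could not be decrypted
    return _map_letters(text, lambda m: (a * m + b) % M)


def affine_decrypt(text: str, a: int, b: int) -> str:
    """Decrypt each letter s as x*(s - b) mod 26, where a*x = 1 (mod 26)."""
    x = mod_inverse(a)
    # Python's % always returns a non-negative result, so -2 % 26 == 24.
    return _map_letters(text, lambda s: (x * (s - b)) % M)


def caesar_encrypt(text: str, shift: int = 3) -> str:
    return affine_encrypt(text, 1, shift)


def caesar_decrypt(text: str, shift: int = 3) -> str:
    return affine_decrypt(text, 1, shift)


def affine_keys() -> list:
    """Every usable (a, b) pair: 12 multipliers x 26 shifts."""
    return [(a, b) for a in range(1, M) if gcd(a, M) == 1 for b in range(M)]


if __name__ == "__main__":
    print(caesar_encrypt("I LOVE MATH"))       # handout's Caesar example
    print(caesar_encrypt("Y"), caesar_decrypt("B"))
    print(mod_inverse(3))                      # x for a = 3
    print(affine_encrypt("AS", 3, 2), affine_decrypt("CE", 3, 2))
    print(len(affine_keys()))
```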
